LoginID Service API (0.2.0)
These APIs can be used to manage authentication, users, and user credentials.
Initiate user registration (FIDO2)
Service token scope: auth.register
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
object |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "options": {
- "roaming_authenticator": true,
- "display_name": "username",
- "override_name": "username",
- "register_session": "string"
}
}
Response samples
- 200
{- "attestation_payload": {
- "credential_uuid": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
- "authenticatorSelection": {
- "authenticatorAttachment": "platform",
- "userVerification": "required"
}, - "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "excludeCredentials": [
- [
- "685f4226-5431-4bd0-b847-1561d1686506",
- "fca3a075-c848-46ef-b3d3-00074620ce37"
]
], - "pubKeyCredParams": [
- {
- "type": "public-key",
- "alg": -7
}
], - "rp": {
- "id": "localhost",
- "name": "LoginID Inc."
}, - "user": {
- "id": "33a1ee3e-2e24-4887-a649-7d1836296f96",
- "name": "john.doe",
- "displayName": "John Doe"
}
}, - "register_session": "b34877e9-54ac-4c43-8ea8-5b9bd8732980"
}
Finalize user registration (FIDO2)
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
object | |
object | |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "attestation_payload": {
- "credential_uuid": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
- "credential_id": "5dEDbWqk0BAc1lKwFI057rkTHPd7zHBvlDb5pd_HlTw",
- "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "client_data": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicE85VjREcnVZS3JYQ2x",
- "attestation_data": "b7bd9990-2c43-4dce-9286-93cccf81bc62"
}, - "options": {
- "credential_name": "string"
}, - "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
User registration (password)
Service token scope: auth.register
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
password | string |
password_confirmation | string |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "password": "string",
- "password_confirmation": "string",
- "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Initiate user login (FIDO2)
Service token scope: auth.login
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe"
}
Response samples
- 200
{- "assertion_payload": {
- "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "allowCredentials": [
- {
- "id": "QwyAKUcyNuSj8AD-Ynqi3lI958KpWs -Y9YptZ9KFGLVidh",
- "type": "public-key",
- "transports": [
- "internal"
]
}
], - "rpId": "localhost"
}
}
Finalize user login (FIDO2)
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
object | |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "assertion_payload": {
- "credential_id": "5dEDbWqk0BAc1lKwFI057rkTHPd7zHBvlDb5pd_HlTw",
- "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "client_data": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicE85VjREcnVZS3JYQ2x",
- "authenticator_data": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
- "signature": "x2QYJ3SZVncERjV58EciojIldmblxGiIlRXYlJ3Yu4Ga0VXYiV2diojIlBXe0Jye"
}, - "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
User login (password)
Service token scope: auth.login
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
password | string |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "password": "string",
- "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
User login (authentication code)
Service token scope: auth.temporary
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
object (CodeWithType) | |
no_wait | boolean |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "authentication_code": {
- "code": "string",
- "type": "short"
}, - "no_wait": true,
- "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Init user login process with public key.
Service token scope: auth.login
Request Body schema: applicattion/json
client_id | string |
username | string |
publickey_alg | string Default: "ES256" |
publickey | string |
Responses
Request samples
- Payload
{- "client_id": "[client ID]",
- "username": "[username]",
- "publickey_alg": "ES256",
- "publickey": "[base64url-encoded publickey]"
}
Response samples
- 200
{- "challenge_id": "[temporary unique id]",
- "server_nonce": "[base64url-encoded server nonce]"
}
complete user login with publickey
Request Body schema: application/json
client_id | string |
username | string |
challenge_id | string |
assertion | string |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "[client ID]",
- "username": "[username]",
- "challenge_id": "[temporary unique id]",
- "assertion": "[JWT string]",
- "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Init user login process with phone number.
Service token scope: auth.temporary
. Either user_id
or username
must be provided.
Request Body schema: application/json
client_id | string |
username | string |
user_id | string |
credential_uuid | string |
delivery_mode | string Default: "sms" Enum: "sms" "voice" |
locale | string Default: "en-US" Enum: "en-US" "zh-CN" "es-ES" |
Responses
Request samples
- Payload
{- "client_id": "[client ID]",
- "username": "user@example.com",
- "user_id": "[user ID]",
- "credential_uuid": "[credential UUID]",
- "delivery_mode": "sms",
- "locale": "en-US"
}
Response samples
- 200
{- "credential_uuid": "[credential UUID]"
}
Complete user login with phone number
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
credential_uuid | string |
otp | string |
Responses
Request samples
- Payload
{- "client_id": "[client ID]",
- "user_id": "[user ID]",
- "username": "user@example.com",
- "credential_uuid": "[credential UUID]",
- "otp": "123456"
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Init user login process with email.
Service token scope: auth.login_restricted
. Either user_id
or username
must be provided.
Request Body schema: application/json
client_id | string |
username | string |
user_id | string |
credential_uuid | string |
link_url | string |
locale | string Default: "en-US" Value: "en-US" |
Responses
Request samples
- Payload
{- "client_id": "[client ID]",
- "username": "user@example.com",
- "user_id": "[user ID]",
- "credential_uuid": "[credential UUID]",
- "link_url": "[http://localhost:8080/verify?code=]",
- "locale": "en-US"
}
Response samples
- 200
{- "credential_uuid": "[credential UUID]"
}
Complete user login with email.
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
credential_uuid | string |
otp | string |
via_link | boolean Default: false |
Responses
Request samples
- Payload
{- "client_id": "[client ID]",
- "user_id": "[user ID]",
- "username": "user@example.com",
- "credential_uuid": "[credential UUID]",
- "otp": "123456",
- "via_link": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Complete user login with TOTP credential
Service token scope: auth.temporary
. Either username
or user_id
must be present.
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string <uuid> |
username | string <email> |
user_id | string <uuid> |
credential_uuid | string <uuid> |
otp required | string |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
- "username": "user@example.com",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
- "otp": "123456",
- "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Create transaction
Service token scope: tx.create
Request Body schema: application/json
client_id required | string |
tx_payload required | string |
nonce | string |
tx_schema | string Enum: "none" "base64" "base64url" "3ds_psd2" |
Responses
Request samples
- Payload
{- "client_id": "string",
- "tx_payload": "string",
- "nonce": "string",
- "tx_schema": "none"
}
Response samples
- 200
{- "tx_id": "string",
- "url": "string"
}
Initialize confirmation of transaction
Service token scope: tx.create
if tx_payload
given instead of tx_id
Request Body schema: application/json
client_id required | string |
username required | string |
tx_id | string ID of already-created transaction; not applicable if |
tx_payload | string Payload of transaction to create; not applicable if |
nonce | string Unique value to include in transaction signature; not applicable if |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "tx_id": "transaction id",
- "tx_payload": "transaction text to be signed",
- "nonce": "PtREk2Lza7KvjHda"
}
Response samples
- 200
{- "tx_id": "5de548f0-caa2-4a5f-93f3-066ae6fc8feb",
- "assertion_options": {
- "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "allowCredentials": [
- {
- "id": "QwyAKUcyNuSj8AD-Ynqi3lI958KpWsG-Y9YptZ9KFGLVidh",
- "type": "public-key",
- "transports": [
- [
- "internal"
]
]
}
], - "rpId": "localhost"
}
}
Create and initialize transaction
Service token scope: tx.create
Request Body schema: application/json
client_id required | string |
username required | string |
tx_payload required | string |
nonce | string |
tx_schema | string Enum: "none" "base64" "base64url" "3ds_psd2" |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "tx_payload": "transaction text to be signed",
- "nonce": "PtREk2Lza7KvjHda",
- "tx_schema": "none"
}
Response samples
- 200
{- "tx_id": "5de548f0-caa2-4a5f-93f3-066ae6fc8feb",
- "assertion_options": {
- "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "allowCredentials": [
- {
- "id": "QwyAKUcyNuSj8AD-Ynqi3lI958KpWsG-Y9YptZ9KFGLVidh",
- "type": "public-key",
- "transports": [
- [
- "internal"
]
]
}
], - "rpId": "localhost"
}
}
Complete transaction with signature
Request Body schema: application/json
client_id required | string |
username required | string |
tx_id required | string |
challenge required | string |
key_handle required | string |
client_data required | string |
auth_data required | string |
sign_data required | string |
Responses
Request samples
- Payload
{- "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
- "username": "john.doe",
- "tx_id": "5de548f0-caa2-4a5f-93f3-066ae6fc8feb",
- "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "key_handle": "5dEDbWqk0BAc1lKwFI057rkTHPd7zHBvlDb5pd_HlTw",
- "client_data": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicE85VjREcnVZS3JYQ2x",
- "auth_data": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
- "sign_data": "x2QYJ3SZVncERjV58EciojIldmblxGiIlRXYlJ3Yu4Ga0VXYiV2diojIlBXe0Jye"
}
Response samples
- 200
{- "jwt": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZ...."
}
Generate authentication code
Service token scope: codes.generate
. Either username
or user_id
must be present.
Authorizations:
path Parameters
code_type required | string Enum: "short" "long" "phrase" Type of code to be generated |
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
purpose | string Enum: "add_credential" "temporary_authentication" |
authorize | boolean |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "username": "string",
- "purpose": "add_credential",
- "authorize": true
}
Response samples
- 200
{- "code": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "is_authorized": true
}
Invalidate all authentication codes of given type and purpose for given user
Service token scope: codes.invalidate
. Either username
or user_id
must be present.
Authorizations:
path Parameters
code_type required | string Enum: "short" "long" "phrase" Type of code to be denied |
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
purpose | string Enum: "add_credential" "temporary_authentication" |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "username": "string",
- "purpose": "add_credential"
}
Response samples
- 200
{- "deleted_at": "2019-08-24T14:15:22Z"
}
Begin self-serve code generation using FIDO2 authentication
Service token scope: codes.self_generate
. Either username
or user_id
must be present.
Authorizations:
path Parameters
code_type required | string Enum: "short" "long" "phrase" Type of code to be generated |
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string |
username required | string |
purpose required | string Enum: "add_credential" "temporary_authentication" |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "purpose": "add_credential"
}
Response samples
- 200
{- "assertion_payload": {
- "challenge": "string",
- "rpId": "localhost",
- "allowCredentials": [
- {
- "id": "string",
- "type": "string",
- "transports": [
- "string"
], - "timeout": 60000,
- "userVerification": "required"
}
]
}
}
Complete self-serve code generation using FIDO2 authentication
path Parameters
code_type required | string Enum: "short" "long" "phrase" Type of code to be generated |
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string |
user_id required | string |
username required | string |
required | object |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "username": "string",
- "assertion_payload": {
- "challenge": "string",
- "rpId": "string",
- "allowCredentials": [
- {
- "id": "string",
- "type": "string",
- "transports": [
- "string"
]
}
]
}, - "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true,
- "session": {
- "id": "UUID-format-session-id"
}, - "fido2": {
- "aaguid": "AAFF",
- "publicKey": "string",
- "user_presence": true,
- "user_verified": true
}, - "code_data": {
- "code": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "is_authorized": true
}
}
Retrieve credentials for user
Service token scope: credentials.list
Authorizations:
query Parameters
user_id required | string <uuid> User ID to retrieve credentials for |
status | string Enum: "active" "inactive" "revoked" "pending" Status of credentials to retrieve. If not specified, all credentials are returned. |
header Parameters
X-Client-ID required | string Management API client ID which is created on LoginID admin dashboard. |
Request-ID | string <uuid> |
Responses
Response samples
- 200
{- "user_id": "string",
- "credentials": [
- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "type": "string",
- "status": "active",
- "name": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z"
}
]
}
Retrieve credentials for user
Service token scope: credentials.list
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
status | string Enum: "active" "inactive" "revoked" "pending" Status of credentials to retrieve. If not specified, all credentials are returned. |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "username": "string",
- "status": "active"
}
Response samples
- 200
{- "user_id": "string",
- "credentials": [
- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "type": "string",
- "status": "active",
- "name": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z"
}
]
}
Rename user's credential
Service token scope: credentials.rename
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
object |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "username": "string",
- "credential": {
- "uuid": "string",
- "name": "string"
}
}
Response samples
- 200
{- "user_id": "string",
- "credential": {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "type": "string",
- "status": "active",
- "name": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z"
}
}
Revoke user's credential
Service token scope: credentials.revoke
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
object |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "username": "string",
- "credential": {
- "uuid": "string"
}
}
Response samples
- 200
{- "user_id": "string",
- "credential": {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "type": "string",
- "status": "active",
- "name": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z"
}
}
Generate a recovery code
Service token scope: credentials.add_recovery
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
user_id | string |
username | string |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "username": "string"
}
Response samples
- 200
{- "code": "string",
- "created_at": "2019-08-24T14:15:22Z"
}
Initiate adding a new FIDO2 credential
Service token scope: credentials.add
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
object (CodeWithType) | |
object |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "authentication_code": {
- "code": "string",
- "type": "short"
}, - "options": {
- "display_name": "username",
- "override_name": "username",
- "roaming_authenticator": false
}
}
Response samples
- 200
{- "attestation_payload": {
- "credential_uuid": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
- "authenticatorSelection": {
- "authenticatorAttachment": "platform",
- "userVerification": "required"
}, - "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "excludeCredentials": [
- [
- "685f4226-5431-4bd0-b847-1561d1686506",
- "fca3a075-c848-46ef-b3d3-00074620ce37"
]
], - "pubKeyCredParams": [
- {
- "type": "public-key",
- "alg": -7
}
], - "rp": {
- "id": "localhost",
- "name": "LoginID Inc."
}, - "user": {
- "id": "33a1ee3e-2e24-4887-a649-7d1836296f96",
- "name": "john.doe",
- "displayName": "John Doe"
}
}
}
Begin adding FIDO2 authenticator as new credential (initiated by client backend)
Service token scope: credentials.force_add
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string |
user_id required | string |
object |
Responses
Request samples
- Payload
{- "client_id": "string",
- "user_id": "string",
- "options": {
- "display_name": "username",
- "override_name": "username",
- "roaming_authenticator": false
}
}
Response samples
- 200
{- "attestation_payload": {
- "credential_uuid": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
- "authenticatorSelection": {
- "authenticatorAttachment": "platform",
- "userVerification": "required"
}, - "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
- "excludeCredentials": [
- [
- "685f4226-5431-4bd0-b847-1561d1686506",
- "fca3a075-c848-46ef-b3d3-00074620ce37"
]
], - "pubKeyCredParams": [
- {
- "type": "public-key",
- "alg": -7
}
], - "rp": {
- "id": "localhost",
- "name": "LoginID Inc."
}, - "user": {
- "id": "33a1ee3e-2e24-4887-a649-7d1836296f96",
- "name": "john.doe",
- "displayName": "John Doe"
}
}
}
Finalize adding a new FIDO2 credential
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string |
username | string |
object | |
object |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "attestation_payload": {
- "credential_uuid": "string",
- "credential_id": "string",
- "challenge": "string",
- "client_data": "string",
- "attestation_data": "string"
}, - "options": {
- "credential_name": "string"
}
}
Response samples
- 200
{- "credential_uuid": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
- "username": "john.doe",
- "namespace_id": "07523c4752bc7168",
- "jwt": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZ...."
}
Add a public key as a credential
Service token scope: credentials.force_add
. Either username
or user_id
must be present.
Authorizations:
Request Body schema: application/json
client_id | string |
username | string |
user_id | string |
publickey_alg | string Default: "ES256" |
publickey | string |
object |
Responses
Request samples
- Payload
{- "client_id": "[Client ID]",
- "username": "[username]",
- "user_id": "[userID]",
- "publickey_alg": "ES256",
- "publickey": "[base64url-encoded public key]",
- "options": {
- "credential_name": "[Optional display name]"
}
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Initiate adding of a phone credential
Service token scope: credentials.force_add
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string <uuid> |
username | string <email> |
user_id | string <uuid> |
phone_number | string |
delivery_mode | string Default: "sms" Enum: "sms" "voice" |
locale | string Default: "en-US" Enum: "en-US" "zh-CN" "es-ES" |
Responses
Request samples
- Payload
{- "client_id": "e8f1a9f7-d8b0-4b1b-b8b0-f1b8b1b8b0f1",
- "username": "user@example.com",
- "user_id": "5d2b2b2b-2b2b-2b2b-2b2b-2b2b2b2b2b2b",
- "phone_number": "+123456789",
- "delivery_mode": "sms",
- "locale": "en-US"
}
Response samples
- 200
{- "credential_uuid": "f8d9e8f8-c8e0-4b3e-b8b1-f8d9e8f8c8e0"
}
Complete adding of a phone credential
Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string <uuid> |
username | string <email> |
user_id | string <uuid> |
credential_uuid | string <uuid> |
phone_number | string |
otp | string |
object |
Responses
Request samples
- Payload
{- "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
- "username": "user@example.com",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
- "phone_number": "+123456789",
- "otp": "123456",
- "options": {
- "credential_name": "my-phone"
}
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Initiate adding of an email credential
Service token scope: credentials.force_add
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string <uuid> |
username | string <email> |
user_id | string <uuid> |
string | |
link_url | string |
locale | string Default: "en-US" Value: "en-US" |
Responses
Request samples
- Payload
{- "client_id": "e8f1a9f7-d8b0-4b1b-b8b0-f1b8b1b8b0f1",
- "username": "user@example.com",
- "user_id": "5d2b2b2b-2b2b-2b2b-2b2b-2b2b2b2b2b2b",
- "email": "user@example.com",
- "locale": "en-US"
}
Response samples
- 200
{- "credential_uuid": "f8d9e8f8-c8e0-4b3e-b8b1-f8d9e8f8c8e0"
}
Complete adding of an email credential
Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string <uuid> |
username | string <email> |
user_id | string <uuid> |
credential_uuid | string <uuid> |
string <email> | |
otp | string |
via_link | boolean Default: false |
disable_alerts | boolean Default: false |
object |
Responses
Request samples
- Payload
{- "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
- "username": "user@example.com",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
- "email": "user@example.com",
- "otp": "123456",
- "via_link": false,
- "disable_alerts": false,
- "options": {
- "credential_name": "my-email"
}
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Initiate adding of a TOTP credential
Service token scope: credentials.force_add
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id | string <uuid> |
username | string <email> |
user_id | string <uuid> |
Responses
Request samples
- Payload
{- "client_id": "e8f1a9f7-d8b0-4b1b-b8b0-f1b8b1b8b0f1",
- "username": "user@example.com",
- "user_id": "5d2b2b2b-2b2b-2b2b-2b2b-2b2b2b2b2b2b"
}
Response samples
- 200
{- "secret": "string",
- "provisioning_uri": "string",
- "credential_uuid": "string"
}
Complete adding of a TOTP credential
Either username
or user_id
must be present.
Authorizations:
Request Body schema: application/json
client_id required | string <uuid> |
username | string <email> |
user_id | string <uuid> |
credential_uuid required | string <uuid> |
otp required | string |
object | |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
- "username": "user@example.com",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
- "otp": "123456",
- "options": {
- "credential_name": "string"
}, - "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Change password for existing credentials with old password
Service token scope: credentials.replace
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string |
username | string |
user_id | string |
old_password required | string |
new_password required | string |
new_password_confirmation required | string |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "user_id": "string",
- "old_password": "string",
- "new_password": "string",
- "new_password_confirmation": "string",
- "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Recover password using authentication code
Service token scope: credentials.replace
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string |
username | string |
user_id | string |
new_password required | string |
new_password_confirmation required | string |
required | object |
object | |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "user_id": "string",
- "new_password": "string",
- "new_password_confirmation": "string",
- "authentication_code": {
- "code": "string",
- "type": "short"
}, - "options": {
- "credential_name": "string"
}, - "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Add password via authentication code
Service token scope: credentials.add
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string |
username | string |
user_id | string |
password required | string |
password_confirmation required | string |
required | object (CodeWithType) |
object | |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "user_id": "string",
- "password": "string",
- "password_confirmation": "string",
- "authentication_code": {
- "code": "string",
- "type": "short"
}, - "options": {
- "credential_name": "string"
}, - "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Add password via management client
Service token scope: credentials.force_add
. Either username
or user_id
must be present.
Authorizations:
header Parameters
Request-ID | string <uuid> |
Request Body schema: application/json
client_id required | string |
username | string |
user_id | string |
password required | string |
password_confirmation required | string |
object | |
no_jwt | boolean Default: false If set to |
Responses
Request samples
- Payload
{- "client_id": "string",
- "username": "string",
- "user_id": "string",
- "password": "string",
- "password_confirmation": "string",
- "options": {
- "credential_name": "string"
}, - "no_jwt": false
}
Response samples
- 200
{- "client": {
- "id": "string",
- "type": "directweb"
}, - "credential": {
- "uuid": "string",
- "type": "fido2",
- "name": "string"
}, - "user": {
- "id": "string",
- "username": "string",
- "namespace_id": "string"
}, - "jwt": "string",
- "is_authenticated": true
}
Create a new user without credentials
Service token scope: users.create
Authorizations:
header Parameters
Request-ID | string <uuid> |
X-Client-ID required | string |
Request Body schema: application/json
username | string |
Responses
Request samples
- Payload
{- "username": "string"
}
Response samples
- 200
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "client_id": "string",
- "username": "string",
- "status": "string",
- "type": "string",
- "namespace_id": "string",
- "created_at": "2019-08-24",
- "updated_at": "2019-08-24",
- "expires_at": "2019-08-24",
- "contacts": [
- {
- "type": "email",
- "contact": "string",
- "is_verified": true
}
]
}
Retrieve a list of end users that belong to a namespace
Service token scope: users.list
Authorizations:
header Parameters
Request-ID | string <uuid> |
X-Client-ID required | string |
Request Body schema: application/json
created_by_client_id | string |
before_username | string |
after_username | string |
limit | integer |
status | Array of strings |
Responses
Request samples
- Payload
{- "created_by_client_id": "string",
- "before_username": "string",
- "after_username": "string",
- "limit": 0,
- "status": [
- "string"
]
}
Response samples
- 200
[- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "client_id": "string",
- "username": "string",
- "status": "string",
- "type": "string",
- "namspace_id": "string",
- "created_at": "2019-08-24"
}
]
Retrieve a user profile by username
Service token scope: users.retrieve
Authorizations:
header Parameters
X-Client-ID required | string Management API client ID which is created on LoginID admin dashboard. |
Request Body schema: application/json
username | string |
Responses
Request samples
- Payload
{- "username": "string"
}
Response samples
- 200
- 401
- 403
- 404
- 5XX
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "client_id": "string",
- "username": "string",
- "status": "string",
- "type": "string",
- "namespace_id": "string",
- "created_at": "2019-08-24",
- "updated_at": "2019-08-24",
- "expires_at": "2019-08-24",
- "contacts": [
- {
- "type": "email",
- "contact": "string",
- "is_verified": true
}
]
}
Delete a user record by username
Service token scope: users.delete
Authorizations:
header Parameters
X-Client-ID required | string Management API client ID which is created on LoginID admin dashboard. |
Request Body schema: application/json
username | string |
Responses
Request samples
- Payload
{- "username": "string"
}
Response samples
- 400
- 401
- 403
- 5XX
{- "code": "user_not_deleted",
- "message": "Failed to delete the user"
}
Delete a user record by user id
Service token scope: users.delete
Authorizations:
path Parameters
user_id required | string Unique ID of the user to be deleted. |
header Parameters
X-Client-ID required | string Management API client ID which is created on LoginID admin dashboard. |
Responses
Response samples
- 400
- 401
- 403
- 5XX
{- "code": "user_not_deleted",
- "message": "Failed to delete the user"
}
Activate a user account
Service token scope: users.activate
Authorizations:
path Parameters
user_id required | string Unique ID of the user to be deleted. |
header Parameters
X-Client-ID required | string Management API client ID which is created on LoginID admin dashboard. |
Responses
Response samples
- 200
- 400
- 401
- 5XX
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "client_id": "string",
- "username": "string",
- "status": "string",
- "type": "string",
- "namspace_id": "string",
- "created_at": "2019-08-24"
}
Deactivate a user account
Service token scope: users.deactivate
Authorizations:
path Parameters
user_id required | string Unique ID of the user to be deleted. |
header Parameters
X-Client-ID required | string Management API client ID which is created on LoginID admin dashboard. |
Responses
Response samples
- 200
- 400
- 401
- 403
- 5XX
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "client_id": "string",
- "username": "string",
- "status": "string",
- "type": "string",
- "namspace_id": "string",
- "created_at": "2019-08-24"
}
Send email verificaiton request to a user
Service token scope: users.email_verification_dispatch
Authorizations:
path Parameters
user_id required | string Unique ID of the user to be deleted. |
header Parameters
X-Client-ID required | string Management API client ID which is created on LoginID admin dashboard. |
Responses
Response samples
- 400
- 401
- 403
- 5XX
{- "code": "email_verification_not_sent",
- "message": "Failed to dispatch email verification."
}