Auth v0.6.1
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
Introduction
The Authentication API is an identity layer based on OpenID Connect (OIDC) and OAuth 2.0. Accessing resources in the Apiture Open platform requires registering an OAuth consumer before making authenticated API requests.
Supported authentication flows
- OAuth 2.0 Authorization code: used with server-side Applications
- OAuth 2.0 Implicit: used with Mobile Applications or Web Applications
Discovery
The OpenID Connect Discovery metadata can be retrieved by browsing to the /auth/openid/metadata
URL. The metadata information is public.
Samples
For each endpoint in the API, sample requests and responses are provided.
Creating a consumer
Request an OAuth consumer key and secret by emailing api@apiture.com. The following information must be part of the consumer request:
- Name: A name identifying the consumer.
- Callback URL: A URL in the target application that can receive token responses.
After submitting the request, an email will be sent containing the generated key and secret for the consumer.
Flows
OpenID Connect Authorization Code Flow
This interactive flow involves browser redirection to the Apiture Identity Provider URL (the OAuth authorization server) for secure user login and consent. After the first redirection, the user is redirected back to the requesting application using the callback URL that was configured when the application was registered as a consumer.
- Authenticate the user [browser redirection]
- Receive user consent [browser redirection]
- Authenticate the client
- Exchange code for tokens
OpenID Connect Implicit Flow
This flow is similar to the code flow but allows to retrieve a token directly without the need of an intermediate code. Upon successful authentication the tokens are returned in the hash fragment of the redirection URL. No refresh tokens are returned using this type of grant.
- Authenticate the user [browser redirection]
- Receive user consent [browser redirection]
More information about triggering these flows can be found by reading about the /auth/oauth2
endpoints below.
Using the Tokens
Upon successful authentication the token endpoint will return an access token that can be used to call secured API endpoints, it will have an expiration time in milliseconds as indicated in the expires_in
attribute.
Each request to a secured endpoint must include the bearer token as part of the Authorization
header: Authorization: Bearer <TOKEN>
The /oauth2/token#refreshToken
endpoint can be used to refresh an expired token. To do this the grant_type must be set to refresh_token
and the refresh_token
parameter must be the refresh token obtained when the last token was issued.
Pasword reset flow
It is possible to reset the user's password from an unauthenticated space by sending the user's key identifying information.
-
Start the process by issuing a
POST
to/passwordResetRequests
with the user's username, taxId and birthdate. A confirmation code is sent via the preconfigured delivery channel as a result of this operation. -
Use the confirmation code as part of a
POST
request to/passwordResets
along with the user's username and the new desired password. A successful password reset will be acknowledged with a 202 status code.
Download OpenAPI Definition (YAML)
Base URLs:
Authentication
- API Key (
apiKey
)- header parameter: API-Key
- API Key based authentication. Each client application must pass its private, unique API key, allocated in the developer portal, via the
API-Key: {api-key}
request header.
- OAuth2 authentication (
accessToken
)- OAuth2 client access token authentication. The client authenticates against the server at
authorizationUrl
, passing the client's privateclientId
(and optionalclientSecret
) as part of this flow. The client obtains an access token from the server attokenUrl
. It then passes the received access token via theAuthorization: Bearer {access-token}
header in subsequent API calls. The authorization process also returns a refresh token which the client should use to renew the access token before it expires. - Flow:
authorizationCode
- Authorization URL = https://auth.apiture.com/oauth2/authorize
- Token URL = http://auth.apiture.com/auth/oauth2/token
- OAuth2 client access token authentication. The client authenticates against the server at
Scope | Scope Description |
---|---|
profiles/read |
Read access to user and contact related resources. |
profiles/write |
Write (update) access to user and contact related resources. |
profiles/delete |
Delete access to user and contact related resources. |
profiles/readPii |
Read access to personally identifiable information such as tax ID numbers, phone numbers, email and postal addresses. This must be granted in addition to the profiles/read scope in order to read such data, but is included in the profiles/full scope. |
profiles/full |
Full access to user and contact related resources. |
API
Endpoints which describe this API
getApi
Code samples
# You can also use wget
curl -X GET https://api.devbank.apiture.com/auth/ \
-H 'Accept: application/hal+json'
GET https://api.devbank.apiture.com/auth/ HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json
var headers = {
'Accept':'application/hal+json'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/',
method: 'get',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const headers = {
'Accept':'application/hal+json'
};
fetch('https://api.devbank.apiture.com/auth/',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/hal+json'
}
result = RestClient.get 'https://api.devbank.apiture.com/auth/',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/hal+json'
}
r = requests.get('https://api.devbank.apiture.com/auth/', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/hal+json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/auth/", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Top-level resources and operations in this API
GET /
Return links to the top-level resources and operations in this API.
Example responses
OK
{
"id": "auth",
"name": "Authorization",
"apiVersion": "0.1.0",
"_profile": "https://api.apiture.com/schemas/common/api/v1.0.0/profile.json",
"_links": {
"apiture:authorize": {
"href": "/authorization/oauth2/authorize"
},
"apiture:token": {
"href": "/authorization/oauth2/token"
},
"apiture:metadata": {
"href": "/authorization/openid/metadata"
}
}
}
200 Response
{
"id": "apiName",
"name": "API name",
"apiVersion": "0.0.1-SNAPSHOT",
"_profile": "https://api.apiture.com/schemas/common/root/v1.0.0/profile.json",
"_links": null
}
Responses
Status | Description |
---|---|
200 | OK |
OK | |
Schema: root |
getApiDoc
Code samples
# You can also use wget
curl -X GET https://api.devbank.apiture.com/auth/apiDoc \
-H 'Accept: application/json'
GET https://api.devbank.apiture.com/auth/apiDoc HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/apiDoc',
method: 'get',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.devbank.apiture.com/auth/apiDoc',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://api.devbank.apiture.com/auth/apiDoc',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.devbank.apiture.com/auth/apiDoc', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/apiDoc");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/auth/apiDoc", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Return API definition document
GET /apiDoc
Return the OpenAPI document that describes this API.
Example responses
200 Response
{}
Responses
Status | Description |
---|---|
200 | OK |
OK | |
Schema: Inline |
Response Schema
Discovery
Endpoints for OpenID Connect Discovery
getMetadata
Code samples
# You can also use wget
curl -X GET https://api.devbank.apiture.com/auth/openid/metadata \
-H 'Accept: application/json' \
-H 'API-Key: API_KEY'
GET https://api.devbank.apiture.com/auth/openid/metadata HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json
var headers = {
'Accept':'application/json',
'API-Key':'API_KEY'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/openid/metadata',
method: 'get',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json',
'API-Key':'API_KEY'
};
fetch('https://api.devbank.apiture.com/auth/openid/metadata',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'API-Key' => 'API_KEY'
}
result = RestClient.get 'https://api.devbank.apiture.com/auth/openid/metadata',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json',
'API-Key': 'API_KEY'
}
r = requests.get('https://api.devbank.apiture.com/auth/openid/metadata', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/openid/metadata");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"API-Key": []string{"API_KEY"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/auth/openid/metadata", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Returns OpenID Connect Discovery metadata.
GET /openid/metadata
This request returns a JSON structure containing scopes.
Example responses
200 Response
{}
400 Response
Responses
Status | Description |
---|---|
200 | OK |
The metadata was returned successfully. | |
Schema: authMetadata | |
400 | Bad Request |
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error. | |
Schema: errorResponse | |
422 | Unprocessable Entity |
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. | |
Schema: errorResponse |
Authorize
Endpoints for user authentication and authorization
authorize
Code samples
# You can also use wget
curl -X GET https://api.devbank.apiture.com/auth/oauth2/authorize?client_id=string \
-H 'Accept: */*' \
-H 'API-Key: API_KEY'
GET https://api.devbank.apiture.com/auth/oauth2/authorize?client_id=string HTTP/1.1
Host: api.devbank.apiture.com
Accept: */*
var headers = {
'Accept':'*/*',
'API-Key':'API_KEY'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/oauth2/authorize',
method: 'get',
data: '?client_id=string',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const headers = {
'Accept':'*/*',
'API-Key':'API_KEY'
};
fetch('https://api.devbank.apiture.com/auth/oauth2/authorize?client_id=string',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => '*/*',
'API-Key' => 'API_KEY'
}
result = RestClient.get 'https://api.devbank.apiture.com/auth/oauth2/authorize',
params: {
'client_id' => 'string'
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': '*/*',
'API-Key': 'API_KEY'
}
r = requests.get('https://api.devbank.apiture.com/auth/oauth2/authorize', params={
'client_id': 'string'
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/oauth2/authorize?client_id=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"*/*"},
"API-Key": []string{"API_KEY"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/auth/oauth2/authorize", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Redirect to id.apiture.com for secure user login
GET /oauth2/authorize
This request redirects the user to the Apiture Identity Provider login page.
Parameters
Parameter | Description |
---|---|
response_type (query) |
string Indicates the authentication flow to be used. Use code to specify the usage of the OAuth 2.0 Authorization code flow and token for the OAuth 2.0 implicit grant flow. |
scope (query) |
string This must be set to openid to indicate a request for OpenID authentication and ID token. |
client_id (query) |
string (required) This must be set to the key obtained after registration of the application as a consumer. |
state (query) |
string An arbitrary value set by the client to maintain state between the authorization request and the callback. |
redirect_uri (query) |
string The callback url that the user will be redirected to after successful login and consent with the Apiture Identity Provider. This value must match the value used during the consumer registration process. The callback url will be called with the authorization code provided as a parameter. Required if using the authorization_code flow. |
Example responses
400 Response
Responses
Status | Description |
---|---|
302 | Found |
Indicates a redirection url has been returned to the client. | |
400 | Bad Request |
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error. | |
Schema: errorResponse | |
422 | Unprocessable Entity |
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. | |
Schema: errorResponse |
Response Headers
Status | Description |
---|---|
302 | Location string |
The login and consent page of the Apiture Identity Provider. |
Token
Endpoints for token exchange
getToken
Code samples
# You can also use wget
curl -X POST https://api.devbank.apiture.com/auth/oauth2/token \
-H 'Accept: */*' \
-H 'Authorization: string' \
-H 'API-Key: API_KEY'
POST https://api.devbank.apiture.com/auth/oauth2/token HTTP/1.1
Host: api.devbank.apiture.com
Accept: */*
Authorization: string
var headers = {
'Accept':'*/*',
'Authorization':'string',
'API-Key':'API_KEY'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/oauth2/token',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const headers = {
'Accept':'*/*',
'Authorization':'string',
'API-Key':'API_KEY'
};
fetch('https://api.devbank.apiture.com/auth/oauth2/token',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => '*/*',
'Authorization' => 'string',
'API-Key' => 'API_KEY'
}
result = RestClient.post 'https://api.devbank.apiture.com/auth/oauth2/token',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': '*/*',
'Authorization': 'string',
'API-Key': 'API_KEY'
}
r = requests.post('https://api.devbank.apiture.com/auth/oauth2/token', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/oauth2/token");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"*/*"},
"Authorization": []string{"string"},
"API-Key": []string{"API_KEY"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/auth/oauth2/token", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Obtain a secure access token.
POST /oauth2/token
Create an access token for client use. The authorization code received from the callback redirection is an intermediate credential. The code must then be exchanged with a token by making a request to this endpoint.
Parameters
Parameter | Description |
---|---|
Authorization (header) |
string (required) Authorization credentials in the form of where |
grant_type (query) |
string This must be set to one of the following: |
authorization_code
if using the OAuth 2.0 Authorization code flowclient_credentials
when using client-supplied credentials (key and secret)refresh_token
when refreshing an expired token. | |code
(query) |string
This must be set to the authorization code returned via a callback redirect after calling the/auth/oauth2/authorize
endpoint if using the OAuth 2.0 Authorization code flow. | |redirect_uri
(query) |string
The callback url that the user will be redirected to after successful login and consent with the Apiture Identity Provider. This value must match the value used during the consumer registration process. The callback url will be called with the authorization code provided as a parameter. Required if using the authorization_code flow. |
Example responses
400 Response
Responses
Status | Description |
---|---|
200 | OK |
Return a response containing the access token, refresh token, etc. schema: $ref: '#/definitions/oauthTokens' | |
302 | Found |
Indicates a redirection url has been returned to the client. | |
400 | Bad Request |
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error. | |
Schema: errorResponse | |
401 | Unauthorized |
The client did not include credentials or the credentials are not valid, or the access_token has expired and should be refreshed. | |
Schema: errorResponse | |
403 | Forbidden |
The client is not authorized to generate a new token. | |
Schema: errorResponse | |
422 | Unprocessable Entity |
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. | |
Schema: errorResponse |
Response Headers
Status | Description |
---|---|
302 | Location string |
The login and consent page of the Apiture Identity Provider. |
refreshToken
Code samples
# You can also use wget
curl -X POST https://api.devbank.apiture.com/auth/oauth2/token#refreshToken?refresh_token=string \
-H 'Accept: */*' \
-H 'Authorization: string' \
-H 'API-Key: API_KEY'
POST https://api.devbank.apiture.com/auth/oauth2/token#refreshToken?refresh_token=string HTTP/1.1
Host: api.devbank.apiture.com
Accept: */*
Authorization: string
var headers = {
'Accept':'*/*',
'Authorization':'string',
'API-Key':'API_KEY'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/oauth2/token#refreshToken',
method: 'post',
data: '?refresh_token=string',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const headers = {
'Accept':'*/*',
'Authorization':'string',
'API-Key':'API_KEY'
};
fetch('https://api.devbank.apiture.com/auth/oauth2/token#refreshToken?refresh_token=string',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => '*/*',
'Authorization' => 'string',
'API-Key' => 'API_KEY'
}
result = RestClient.post 'https://api.devbank.apiture.com/auth/oauth2/token#refreshToken',
params: {
'refresh_token' => 'string'
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': '*/*',
'Authorization': 'string',
'API-Key': 'API_KEY'
}
r = requests.post('https://api.devbank.apiture.com/auth/oauth2/token#refreshToken', params={
'refresh_token': 'string'
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/oauth2/token#refreshToken?refresh_token=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"*/*"},
"Authorization": []string{"string"},
"API-Key": []string{"API_KEY"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/auth/oauth2/token#refreshToken", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Obtain new tokens after an access token has expired.
POST /oauth2/token#refreshToken
Create a new access token for client use after an access_token has expired.
Parameters
Parameter | Description |
---|---|
Authorization (header) |
string (required) Authorization credentials in the form of where |
grant_type (query) |
string This must be set to one of the following: |
authorization_code
if using the OAuth 2.0 Authorization code flowclient_credentials
when using client-supplied credentials (key and secret)refresh_token
when refreshing an expired token. | |refresh_token
(query) |string
(required)
The value of therefresh_token
obtained with the original expired access token. |
Example responses
400 Response
Responses
Status | Description |
---|---|
200 | OK |
Return a response containing the new access token, refresh token, etc. schema: $ref: '#/definitions/oauthTokens' | |
400 | Bad Request |
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error. | |
Schema: errorResponse | |
401 | Unauthorized |
The client did not include credentials or the credentials are not valid, or the access_token has expired and should be refreshed. | |
Schema: errorResponse | |
403 | Forbidden |
The client is not authorized to generate a new token. | |
Schema: errorResponse | |
422 | Unprocessable Entity |
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. | |
Schema: errorResponse |
Password
User authentication passwords
passwordResetRequest
Code samples
# You can also use wget
curl -X POST https://api.devbank.apiture.com/auth/passwordResetRequests \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'API-Key: API_KEY'
POST https://api.devbank.apiture.com/auth/passwordResetRequests HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/json
Accept: application/json
var headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'API-Key':'API_KEY'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/passwordResetRequests',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const inputBody = '{
"username": "john0224",
"taxId": "XXXX",
"birthdate": "1974-10-27"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'API-Key':'API_KEY'
};
fetch('https://api.devbank.apiture.com/auth/passwordResetRequests',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'API-Key' => 'API_KEY'
}
result = RestClient.post 'https://api.devbank.apiture.com/auth/passwordResetRequests',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'API-Key': 'API_KEY'
}
r = requests.post('https://api.devbank.apiture.com/auth/passwordResetRequests', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/passwordResetRequests");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
"API-Key": []string{"API_KEY"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/auth/passwordResetRequests", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Initiate a password reset flow.
POST /passwordResetRequests
Initiate a password reset flow by sending the user's key identifying information. (This operation does not create a resource). A confirmation code is sent to the user via text message or email as a result of this operation. In order to complete the flow, a POST
request to /passwordResets
must contain the confirmation code as well as the username and the desired new password. This operation does not create a new persisent resource; the password reset is transient and returned in the response body only.
Body parameter
{
"username": "john0224",
"taxId": "XXXX",
"birthdate": "1974-10-27"
}
Parameters
Parameter | Description |
---|---|
body (body) |
passwordResetRequest (required) The data necessary to create a password reset resource. |
Example responses
202 Response
{
"codeDeliveryMethod": "email",
"codeDestination": "b***@m***.com"
}
400 Response
Responses
Status | Description |
---|---|
202 | Accepted |
Accepted | |
Schema: passwordReset | |
400 | Bad Request |
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error. | |
Schema: errorResponse | |
409 | Conflict |
There was a conflict with the state of the user. | |
Schema: errorResponse | |
422 | Unprocessable Entity |
Password reset is invalid. | |
Schema: errorResponse | |
500 | Internal Server Error |
Server Error. Fatal error has occurred. | |
Schema: errorResponse |
passwordReset
Code samples
# You can also use wget
curl -X POST https://api.devbank.apiture.com/auth/passwordResets \
-H 'Content-Type: application/json' \
-H 'Accept: */*' \
-H 'API-Key: API_KEY'
POST https://api.devbank.apiture.com/auth/passwordResets HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/json
Accept: */*
var headers = {
'Content-Type':'application/json',
'Accept':'*/*',
'API-Key':'API_KEY'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/passwordResets',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const inputBody = '{
"username": "john0224",
"newPassword": "newPassword",
"confirmationCode": "12345"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'*/*',
'API-Key':'API_KEY'
};
fetch('https://api.devbank.apiture.com/auth/passwordResets',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => '*/*',
'API-Key' => 'API_KEY'
}
result = RestClient.post 'https://api.devbank.apiture.com/auth/passwordResets',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': '*/*',
'API-Key': 'API_KEY'
}
r = requests.post('https://api.devbank.apiture.com/auth/passwordResets', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/passwordResets");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"*/*"},
"API-Key": []string{"API_KEY"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/auth/passwordResets", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Complete a password reset flow.
POST /passwordResets
Complete an unauthenticated password reset flow by passing username
,confirmationCode
, and newPassword
in the request. This operation will return 202 Accepted if the request is valid.
Body parameter
{
"username": "john0224",
"newPassword": "newPassword",
"confirmationCode": "12345"
}
Parameters
Parameter | Description |
---|---|
body (body) |
confirmPasswordReset (required) The data necessary to confirm a password reset |
Example responses
400 Response
Responses
Status | Description |
---|---|
202 | Accepted |
Accepted | |
400 | Bad Request |
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error. | |
Schema: errorResponse | |
401 | Unauthorized |
The client did not include credentials or the credentials are not valid, or the access_token has expired and should be refreshed. | |
Schema: errorResponse | |
422 | Unprocessable Entity |
Current password does not match or invalid new password. | |
Schema: errorResponse |
changeUserPassword
Code samples
# You can also use wget
curl -X PUT https://api.devbank.apiture.com/auth/my/password \
-H 'Content-Type: application/json' \
-H 'Accept: */*' \
-H 'API-Key: API_KEY' \
-H 'Authorization: Bearer {access-token}'
PUT https://api.devbank.apiture.com/auth/my/password HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/json
Accept: */*
var headers = {
'Content-Type':'application/json',
'Accept':'*/*',
'API-Key':'API_KEY',
'Authorization':'Bearer {access-token}'
};
$.ajax({
url: 'https://api.devbank.apiture.com/auth/my/password',
method: 'put',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
const fetch = require('node-fetch');
const inputBody = '{
"currentPassword": "currentPassword",
"newPassword": "newPassword"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'*/*',
'API-Key':'API_KEY',
'Authorization':'Bearer {access-token}'
};
fetch('https://api.devbank.apiture.com/auth/my/password',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => '*/*',
'API-Key' => 'API_KEY',
'Authorization' => 'Bearer {access-token}'
}
result = RestClient.put 'https://api.devbank.apiture.com/auth/my/password',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': '*/*',
'API-Key': 'API_KEY',
'Authorization': 'Bearer {access-token}'
}
r = requests.put('https://api.devbank.apiture.com/auth/my/password', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.devbank.apiture.com/auth/my/password");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"*/*"},
"API-Key": []string{"API_KEY"},
"Authorization": []string{"Bearer {access-token}"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("PUT", "https://api.devbank.apiture.com/auth/my/password", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Change the user password
PUT /my/password
An authenticated user must pass currentPassword
and newPassword
in the request body to change its password. This operation requires both apiKey
and accessToken
security.
This operation will return 202 Accepted if the request is valid.
If the request fails, and the user does not know the current password, they can request a password reset by using /passwordResetRequests
.
This operation supports pre-flight validation. If invoked with the preFlightValidate=true
query parameter, the operation only validates the newPassword
against the password policies and returns an _error
in the response with details of any password policy violations.
Body parameter
{
"currentPassword": "currentPassword",
"newPassword": "newPassword"
}
Parameters
Parameter | Description |
---|---|
preFlightValidate (query) |
boolean If true , the operation performs pre-flight validation only of the newPassword and it does not attempt to update the user's password. |
body (body) |
passwordChange (required) |
Example responses
200 Response
Responses
Status | Description |
---|---|
200 | OK |
OK. It uses for pre-flight validation response. The _error object in the response, if it exists, contains error messages and other detail about the validation (and may contain nested errors). | |
Schema: passwordChange | |
202 | Accepted |
Accepted | |
400 | Bad Request |
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error. | |
Schema: errorResponse | |
401 | Unauthorized |
The client did not include credentials or the credentials are not valid, or the access_token has expired and should be refreshed. | |
Schema: errorResponse | |
422 | Unprocessable Entity |
Current password does not match or invalid new password. | |
Schema: errorResponse |
Schemas
passwordResetRequest
{
"username": "john0224",
"taxId": "XXXX",
"birthdate": "1974-10-27"
}
Password Reset Request
Create a new password reset.
Properties
Name | Description |
---|---|
username | string (required) The user's username. |
taxId | string (required) Last 4 digits of the user tax ID. |
birthdate | string(date) (required) The user's birth date in RFC 3339 YYYY-MM-DD date format.
|
passwordReset
{
"codeDeliveryMethod": "email",
"codeDestination": "b***@m***.com"
}
Password Reset
Password reset resource.
Properties
Name | Description |
---|---|
codeDeliveryMethod | string Confirmation code delivery method.
|
codeDestination | string Masked email address or phone number the confirmation code is sent to. |
authMetadata
{}
Authentication metadata
A map of (name, value) pairs which describe then the OpenID Provider metadata.
Properties
oauthToken
{
"access_token": "string",
"token_type": "string",
"expires_in": 0,
"refresh_token": "string"
}
OAuth Tokens
A response from a credentialed request for tokens.
Properties
Name | Description |
---|---|
access_token | string An opaque string which should be passed (along with the token_type ) to subsequent API calls which require authentication. Normally this is done via the the Authorization header of the request: from this response: |
token_type | string The form of token returned. This is typically the string Bearer and is the key which subsequent calls should use (along with the access_token above) in the Authorization header when making authenticated API requests.
|
expires_in | integer(int64) The number of seconds until the access_token expires. When it expires, use the refresh_token to request a new access token.
|
refresh_token | string A token to use when the access_token expires. The client should retain this securely so it can obtain a new access_token later when the access token expires.
|
abstractResource
{
"_profile": "https://api.apiture.com/schema/example/v1.0.0/profile.json",
"_links": {
"self": {
"href": "{uri of current resource}"
}
}
}
Abstract Resource
An augmented HAL resource representation. This model contains hypermedia _links
, and either optional domain object data with _profile
and optional _embedded
objects, or an _error
object. In responses, if the operation was successful, this object will not include the _error
, but if the operation was a 4xx or 5xx error, this object will not include _embedded
or any data fields, only _error
and optionally _links
.
Properties
Name | Description |
---|---|
_links | links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
|
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_profile | string(uri) The URI of a resource profile which describes the representation. |
_error | error An object which describes an error. This value is omitted if the operation succeeded without error. |
root
{
"id": "apiName",
"name": "API name",
"apiVersion": "0.0.1-SNAPSHOT",
"_profile": "https://api.apiture.com/schemas/common/root/v1.0.0/profile.json",
"_links": null
}
The root of this API
A HAL response, with hypermedia _links
for the top-level resources and operations in API.
Properties
Name | Description |
---|---|
_links | links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
|
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_profile | string(uri) The URI of a resource profile which describes the representation. |
_error | error An object which describes an error. This value is omitted if the operation succeeded without error. |
_id | string This API's unique ID. |
name | string This API's name. |
apiVersion | string This API's version. |
links
{
"property1": {
"href": "http://example.com",
"type": "string",
"templated": true,
"title": "string",
"deprecation": "http://example.com",
"profile": "http://example.com"
},
"property2": {
"href": "http://example.com",
"type": "string",
"templated": true,
"title": "string",
"deprecation": "http://example.com",
"profile": "http://example.com"
}
}
Links
An optional map of links, mapping each link relation to a link object. This model defines the _links
object of HAL representations.
Properties
Name | Description |
---|---|
additionalProperties | link Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.
|
link
{
"href": "http://example.com",
"type": "string",
"templated": true,
"title": "string",
"deprecation": "http://example.com",
"profile": "http://example.com"
}
Link
Describes a hypermedia link within a _links
object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name
or hreflang
properties of HAL. Apiture links may include a method
property.
Properties
Name | Description |
---|---|
href | string(uri) (required) The URI or URI template for the resource/operation this link refers to. |
type | string The media type for the resource. |
templated | boolean If true, the link's href is a URI template. |
title | string An optional human-readable localized title for the link. |
deprecation | string(uri) If present, the containing link is deprecated and the value is a URI which provides human-readable text information about the deprecation. |
profile | string(uri) The URI of a profile document, a JSON document which describes the target resource/operation. |
errorResponse
{
"_profile": "https://api.apiture.com/schemas/common/errorResponse/v1.0.0/profile.json",
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"_profile": "https://api.apiture.com/schemas/common/errorResponse/v1.0.0/profile.json",
"message": "The value for deposit must be greater than 0.",
"statusCode": 422,
"type": "positiveNumberRequired",
"attributes": {
"value": -125.5
},
"remediation": "Provide a value which is greater than 0",
"occurredAt": {},
"_links": {
"describedby": {
"href": "http://doc.apiture.com/errors/positiveNumberRequired"
}
},
"_embedded": {
"errors": []
}
}
}
Error Response
Describes an error response, typically returned on 4xx or 5xx errors from API operations. The _error
object contains the error details.
Properties
Name | Description |
---|---|
_links | links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
|
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_profile | string(uri) The URI of a resource profile which describes the representation. |
_error | error An object which describes an error. This value is omitted if the operation succeeded without error. |
error
{
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"_profile": "https://api.apiture.com/schemas/common/errorResponse/v1.0.0/profile.json",
"message": "The value for deposit must be greater than 0.",
"statusCode": 422,
"type": "positiveNumberRequired",
"attributes": {
"value": -125.5
},
"remediation": "Provide a value which is greater than 0",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "http://doc.apiture.com/errors/positiveNumberRequired"
}
},
"_embedded": {
"errors": []
}
}
Error
An error description. Nested source errors are contained in the _embedded
object with the key "errors"
; this is an array of nested error objects. For example, an API which validates its request body may find multiple errors in the request, which may be detailed here. The _links
may contain a describedby
link which refers to a web page with details about the error. The attributes
field An optional map of name/value pairs which provide structured data about the error. For example, if the error is a value out of range, the attributes may specify the range values min
and max
. This allows clients to present error messages as they see fit (the API does not assume the client/presentation tier).
Properties
Name | Description |
---|---|
message | string (required) A localized message string describing the error condition. |
_id | string A unique identifier for this error instance. This may be used as a correlation ID with the root cause error (i.e. this ID may be logged at the source of the error). This is is an opaque string. |
statusCode | integer The HTTP status code associate with this error. minimum: 100
maximum: 599
|
type | string An error identifier which indicates the category of error and associate it with API support documentation or which the UI tier can use to render an appropriate message or hint. This provides a finer level of granularity than the statusCode . For example, instead of just 400 Bad Request, the type may be much more specific. such as integerValueNotInAllowedRange or numericValueExceedsMaximum or stringValueNotInAllowedSet .
|
occurredAt | string(date-time) An ISO 8601 UTC time stamp indicating when the error occurred. |
attributes | attributes Data attribute associated with the error, such as values or constraints. |
remediation | string An optional localized string which provides hints for how the user or client can resolve the error. |
_embedded | object Optional embedded array of errors. This field may not exist if the error does not have nested errors. |
ยป items | [errorResponse] An array of error objects. |
attributes
{}
Attributes
An optional map of name/value pairs which contains additional dynamic data about the resource.
Properties
passwordChange
{
"currentPassword": "currentPassword",
"newPassword": "newPassword"
}
Password change
Representation used to change a user password. The request must contain the newPassword
and the currentPassword
.
Properties
Name | Description |
---|---|
_links | links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
|
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_profile | string(uri) The URI of a resource profile which describes the representation. |
_error | error An object which describes an error. This value is omitted if the operation succeeded without error. |
newPassword | string(password) A new user password |
currentPassword | string(password) A current user password. This field is used for performing the change password flow. |
confirmPasswordReset
{
"username": "john0224",
"newPassword": "newPassword",
"confirmationCode": "12345"
}
Confirm Password Reset
Representation used to confirm a password reset flow.
Properties
Name | Description |
---|---|
newPassword | string(password) A new user password |
confirmationCode | string A confirmation code send when the user initiated password reset. |
username | string The username. |