Sessions
This page includes all the endpoints for the sessions endpoints
https://apicb.test.aazzur.com/docs/services/sessions
Overview
Sessions endpoints deal mainly with user sessions for instance: if the user email is verified or maybe if you want to know what's the API version that you're dealing with at the moment. Almost all endpoints under sessions require the user to enter an auth token to get the customer's details. If you don't have the token you can not work with the session endpoints.
For generating the access token please visit Authentication Workflow to learn how you can generate the auth token to work with the APIs.
Get Middleware Version
api-version-controller
No auth token is required for this request.
This endpoint is used only to get the version number of the middleware. The response is a single object containing a string mentioning the version number of the middleware.
The returned number is NOT the version of the API.
Email verification using a token
This verification is needed when a token is sent to the user's email address, and it is to be verified with the token in this POST request's body.
email-token-controller
Phone Verification
phone-verification-code-controller
After adding a phone number to the customer account, that phone number will need to be verified with an authentication code. Usually, the user is navigated to a screen where the user needs to enter a code and press a button to send a request to the server to determine if the entered code is valid or not for the specific customer.
Please bear in mind that you have to pass the auth token as well; otherwise, the server won't be able to identify which customer is sending the request.
Two Factor Verification
two-factor-verification-controller
A two-factor authentication exists when the user tries to log in with the web app. For the request to work, the scopes must have signup, which will come from the oauth token itself. For the request to work, the request must have clientId along with Valid X-AAZZUR-DEVICE-CHALLENGE and X-AAZZUR-SIGNATURE in the header.
Like any other two-factor service, the services can be approved or rejected.
approveTwoFactor
POST
https://sessions:8080/sessions/auth/two-factor/approve
Required scopes - signup Enhanced security through pin, password or challenge - as applicable - required, based on jurisdiction and/or client configuration
rejectSecondFactor
POST
https://sessions:8080/sessions/auth/two-factor/reject
Required scopes - signup Enhanced security through pin, password or challenge - as applicable - required, based on jurisdiction and/or client configuration
Last updated