Sessions

This page includes all the endpoints for the sessions endpoints

[ Base URL: sessions:8080/sessions ]

https://apicb.test.aazzur.com/docs/services/sessions

Overview

Sessions endpoints deal mainly with user sessions for instance: if the user email is verified or maybe if you want to know what's the API version that you're dealing with at the moment. Almost all endpoints under sessions require the user to enter an auth token to get the customer's details. If you don't have the token you can not work with the session endpoints.

For generating the access token please visit Authentication Workflow to learn how you can generate the auth token to work with the APIs.

Important

The base URL shows sessions:8080, which is only valid for the local servers. When you are working with the APIs, please remember that you will have to change the base URL depending on which environment you are working in; for example, the DEV environment will have a different URL.

Get Middleware Version

api-version-controller

No auth token is required for this request.

This endpoint is used only to get the version number of the middleware. The response is a single object containing a string mentioning the version number of the middleware.

The returned number is NOT the version of the API.

getApiVersion

GET//sessions:8080/sessions/api-version

Response

Body

versionstring

Request

const response = await fetch('//sessions:8080/sessions/api-version', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{
  "version": "text"
}

Email verification using a token

This verification is needed when a token is sent to the user's email address, and it is to be verified with the token in this POST request's body.

email-token-controller

verifyToken

POST//sessions:8080/sessions/email-verification-tokens

Body

body

token*string

Response

Request

const response = await fetch('//sessions:8080/sessions/email-verification-tokens', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "token": "text"
    }),
});
const data = await response.json();

Phone Verification

phone-verification-code-controller

After adding a phone number to the customer account, that phone number will need to be verified with an authentication code. Usually, the user is navigated to a screen where the user needs to enter a code and press a button to send a request to the server to determine if the entered code is valid or not for the specific customer.

Please bear in mind that you have to pass the auth token as well; otherwise, the server won't be able to identify which customer is sending the request.

verifyCode

POST//sessions:8080/sessions/phone-verification-tokens

Body

body

code*integer (int32)

Response

Request

const response = await fetch('//sessions:8080/sessions/phone-verification-tokens', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Two Factor Verification

two-factor-verification-controller

A two-factor authentication exists when the user tries to log in with the web app. For the request to work, the scopes must have signup, which will come from the oauth token itself. For the request to work, the request must have clientId along with Valid X-AAZZUR-DEVICE-CHALLENGE and X-AAZZUR-SIGNATURE in the header.

Like any other two-factor service, the services can be approved or rejected.

approveTwoFactor

POST https://sessions:8080/sessions/auth/two-factor/approve

Required scopes - signup Enhanced security through pin, password or challenge - as applicable - required, based on jurisdiction and/or client configuration

rejectSecondFactor

POST https://sessions:8080/sessions/auth/two-factor/reject

Required scopes - signup Enhanced security through pin, password or challenge - as applicable - required, based on jurisdiction and/or client configuration

PreviousEndpoints NextAccounts

Last updated 1 year ago