Skip to content
Orillion logo
Soramitsu logo

Authorizing a user in the system

Signs in a registered FIB user on the FIB API server.

Protocol: HTTP

EncodingJSON

Endpoint/auth/api/v1/authentication-management/session

MethodPOST

Input/request structure

Show
json5
{
  email: 'string', //The user’s email address
  signature: 'string', //The signature of the user’s email address encoded as Hex
  authPublicKeyHex: 'string' //The public key of the 'Authorization' key pair encoded as Hex
}
{
  email: 'string', //The user’s email address
  signature: 'string', //The signature of the user’s email address encoded as Hex
  authPublicKeyHex: 'string' //The public key of the 'Authorization' key pair encoded as Hex
}
json5
{
  email: 'alice@mail.com',
  signature: '0b458f758eeca3d7a2a64de0648c9b7dccaee146202257cd8ebaeb4690aa48b464108111d8cf0e7f3b0ace1b51dcda89e76d372233514f324e00d64c6b899c0e',
  authPublicKeyHex: '8a53d297bc406c63396967388ecc2ebc8abd701d195a43bbb4751ac5a86eac1b'
}
{
  email: 'alice@mail.com',
  signature: '0b458f758eeca3d7a2a64de0648c9b7dccaee146202257cd8ebaeb4690aa48b464108111d8cf0e7f3b0ace1b51dcda89e76d372233514f324e00d64c6b899c0e',
  authPublicKeyHex: '8a53d297bc406c63396967388ecc2ebc8abd701d195a43bbb4751ac5a86eac1b'
}

Info

For instructions on how to generate the signature string, see Signing user email addresses.

The authPublicKeyHex string is taken from the user's Authorization key pair on the FIB Web App Profile screen. For details, see Web App UI: 'Authorization' key pair.

Output/response structure

Show
json5
{
  status: {
    code: integer($int32),
    name: 'string'
  },
  data: {
    accessToken: 'string',
    refreshToken: 'string',
    expirationTime: integer($int64)
  }
}
{
  status: {
    code: integer($int32),
    name: 'string'
  },
  data: {
    accessToken: 'string',
    refreshToken: 'string',
    expirationTime: integer($int64)
  }
}
json5
{
  status: {
    code: 200,
    name: 'OK'
  },
  data: {
    accessToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJhY2MiOiJhbGljZUB3b25kZXJsYW5kIiwic3ViIjoiYWxpY2VAbWFpbC5jb20iLCJyb2xlIjoiUk9MRV9QRUVSIiwiZXhwIjoxNzAzMTg3NDEyLCJqdGkiOiIwNjgzM2FlZi03ZDljLTQ2MTUtYTU4YS02YjYxZWZkM2FhNjEifQ.HvrukWtcA7nz5rbxWiklJOjnv4X7jaAQ7piJaxqlW5rvUv52rClqYYHSn9F-P4u6pKNlJSpiiiH0GnynXsL7CQ',
    refreshToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJzdWIiOiJhbGljZUBtYWlsLmNvbSIsImFjanRpIjoiMDY4MzNhZWYtN2Q5Yy00NjE1LWE1OGEtNmI2MWVmZDNhYTYxIiwiZXhwIjoxNzAzMjczNTEyLCJqdGkiOiJhY2NkYWUzNS00ODA1LTQ5NmQtYTBiZC02Y2Y4OGI3OTBkYjkifQ.rCrbFnF5axwixq4wwURZdu_DFwFlOil9RFYkmqlLYVPoU1UpN8PlWC8Kg7QBvA-eJYVzb8yKgQ0GiIAITe3ADA',
    expirationTime: 300
  }
}
{
  status: {
    code: 200,
    name: 'OK'
  },
  data: {
    accessToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJhY2MiOiJhbGljZUB3b25kZXJsYW5kIiwic3ViIjoiYWxpY2VAbWFpbC5jb20iLCJyb2xlIjoiUk9MRV9QRUVSIiwiZXhwIjoxNzAzMTg3NDEyLCJqdGkiOiIwNjgzM2FlZi03ZDljLTQ2MTUtYTU4YS02YjYxZWZkM2FhNjEifQ.HvrukWtcA7nz5rbxWiklJOjnv4X7jaAQ7piJaxqlW5rvUv52rClqYYHSn9F-P4u6pKNlJSpiiiH0GnynXsL7CQ',
    refreshToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJzdWIiOiJhbGljZUBtYWlsLmNvbSIsImFjanRpIjoiMDY4MzNhZWYtN2Q5Yy00NjE1LWE1OGEtNmI2MWVmZDNhYTYxIiwiZXhwIjoxNzAzMjczNTEyLCJqdGkiOiJhY2NkYWUzNS00ODA1LTQ5NmQtYTBiZC02Y2Y4OGI3OTBkYjkifQ.rCrbFnF5axwixq4wwURZdu_DFwFlOil9RFYkmqlLYVPoU1UpN8PlWC8Kg7QBvA-eJYVzb8yKgQ0GiIAITe3ADA',
    expirationTime: 300
  }
}

Responses

Response CodeDescription
200User authorization has been successful.
400Bad request.
404User has not been found.
422User signature either could not be decoded or verified, or the authPublicKeyHex string is not valid.
500Internal server error.