Skip to content

Commit d1abed3

Browse files
author
Jon Kristensen
committed
README.md: Extend API documentation
1 parent 970b04b commit d1abed3

File tree

1 file changed

+36
-5
lines changed

1 file changed

+36
-5
lines changed

README.md

Lines changed: 36 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -83,19 +83,50 @@ Other changes can be done with SQL directly.
8383
API
8484
---
8585

86-
Authentication is done like this:
86+
The process of authenticating is done or started like this:
8787

8888
POST /api/login
8989
{ "user": "my_email@example.com", "password": "my_password" }
9090

91-
The above requests sets a cookie, "token". It also sets a header, "X-Token", in
92-
case you would rather get the token like that. As a third option, it includes
91+
If two-factor authentication is required, the request will cause a text message
92+
to be sent to the registered phone number for the user, and will result in a 499
93+
status code. In order to complete the authentication process, the one-time
94+
password code has to be sent to the login endpoint above, along with the user
95+
name and password.
96+
97+
POST /api/login
98+
{ "user": "my_email@example.com", "password": "my_password", "otp": "code" }
99+
100+
One of the above login requests (which one depends on whether two-factor
101+
authentication is used) will, if successful, set a cookie ("token") and return a
102+
201 status code. The response will also include header, "X-Token", in the case
103+
that you would rather get the token like that. As a third option, it includes
93104
the token in the JSON body like so:
94105

95106
{"token":"the_token"}
96107

97-
You will need to set this token in future requests, either as a header or as a
98-
cookie.
108+
You will need to set this token value in future requests, either as a header
109+
("X-Token") or as a cookie ("token"), in order to make your requests possible to
110+
authenticate. You can now access the application-specific API.
111+
112+
A GET request to /api/user-info will return some information about the currently
113+
authenticated user:
114+
115+
{
116+
"id": "0bddb111-a9cd-46ee-9d39-664e7fa71889",
117+
"email": "my_email@example.com",
118+
"name": "John Doe",
119+
"phone": null,
120+
"instances": [{
121+
"name": "Test",
122+
"id": "de305d54-75b4-431b-adb2-eb6b9e546014"
123+
}]
124+
}
125+
126+
The "id" field holds the user identifier. It's likely that you won't need to use
127+
this value. The instance information holds the different application instances
128+
that the user has access to, and will probably only be used when the single
129+
sign-on capabilities are used.
99130

100131
Logging out is done like this:
101132

0 commit comments

Comments
 (0)