This repository has been archived by the owner on Jan 22, 2021. It is now read-only.
Authentication API
George Czabania edited this page Feb 19, 2014 · 2 revisions
This creates a new user. Do we need to add an XSRF token?
POST /auth/register
Parameters:
- name: the user name
- email: the user email address
- password: the plaintext user password
Example Request:
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"name":"Sam","email":"crazycheese@gmail.com","password":"6qnDsxfhY6"}' \
  https://nitro-server.herokuapp.com/auth/register
Example Response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "id": 2,
  "name": "Sam",
  "email": "crazycheese@gmail.com",
  "pro": false,
  "createdAt": "2014-01-04T29:58:34.448Z",
  "sessionToken": "<token>"
}
POST /auth/login
Parameters:
- email: the user email address
- password: the plaintext user password
Example Request:
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"email":"crazycheese@gmail.com","password":"6qnDsxfhY6"}' \
  https://nitro-server.herokuapp.com/auth/login
Example Response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "id": 2,
  "name": "Sam",
  "email": "crazycheese@gmail.com",
  "pro": false,
  "createdAt": "2014-01-04T29:58:34.448Z",
  "sessionToken": "<token>"
}
Tokens expire in X hours (TODO: pick a number). The client should refresh the token before it expires, or else it will need to log in again.
GET /api/refresh_token
Example Request:
curl -X GET \
  -H "Authorization: bearer <sessionToken>" \
  https://nitro-server.herokuapp.com/api/refresh_token
Example Response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "sessionToken": "<token>"
}
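An added example (not code from the Nitro project) of a client applying the refresh rule above: it refreshes through `GET /api/refresh_token` while the token is still valid and falls back to `POST /auth/login` once it is not. The lifetime `ttlMs`, the 0.8 refresh margin and the `send` transport are assumptions; the page leaves the token lifetime as a TODO.

```javascript
// Added example, not Nitro's client code. ttlMs is an assumption: the page
// leaves the token lifetime as a TODO ("X hours").
const BASE = 'https://nitro-server.herokuapp.com';

class Session {
  // ttlMs: assumed token lifetime; margin: fraction of the lifetime after
  // which the client refreshes; now: injectable clock for testing.
  constructor({ ttlMs, margin = 0.8, now = Date.now }) {
    this.ttlMs = ttlMs; this.margin = margin; this.now = now;
    this.token = null; this.issuedAt = 0;
  }
  // Accepts the body of a register, login or refresh response.
  store(body) {
    if (!body || typeof body.sessionToken !== 'string' || !body.sessionToken)
      throw new Error('response carries no sessionToken');
    this.token = body.sessionToken;
    this.issuedAt = this.now();
  }
  // 'login'   -> no token, or it is past its lifetime
  // 'refresh' -> still valid but inside the refresh window
  // 'ok'      -> usable as is
  state() {
    if (!this.token) return 'login';
    const age = this.now() - this.issuedAt;
    if (age >= this.ttlMs) return 'login';
    return age >= this.ttlMs * this.margin ? 'refresh' : 'ok';
  }
  authHeader() { return { Authorization: `bearer ${this.token}` }; }
}

// send(method, url, headers, body) -> Promise<{status, body}> is a
// hypothetical transport (wrap fetch in real use). Returns a usable token.
async function ensureToken(session, send, credentials) {
  if (session.state() === 'refresh') {
    const r = await send('GET', `${BASE}/api/refresh_token`, session.authHeader());
    if (r.status === 200) { session.store(r.body); return session.token; }
    session.token = null; // refresh rejected: drop the token, fall back to login
  }
  if (session.state() === 'login') {
    const r = await send('POST', `${BASE}/auth/login`,
      { 'Content-Type': 'application/json' }, JSON.stringify(credentials));
    if (r.status !== 200) throw new Error(`login failed: ${r.status}`);
    session.store(r.body);
  }
  return session.token;
}
```

Keep the credentials out of long-lived client state where possible; the login fallback only needs them at the moment the refresh window has been missed.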