Weavr
Powered by Redocly

Access

Manage authentication for your users.

Login with password

Authenticate a user with the email and password that they provided when registering.

Given that the user credentials are correct, this returns a token that can then be used to authorise other secured operations. In case the password is expired, a temporary token is returned, which can be used solely for updating the password.

The token returned is valid for 5 minutes from last activity.

Securityapi_key
Request
Request Body schema: application/json
required
email
required
string <email> (Email)

E-mail Address of the user

required
object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

The authentication credentials are not found or are incorrect.

404

Not found - The requested token couldn't be found.

409

The user's password has expired. Use the returned temporary token to update their password via the '/passwords/update' endpoint.

410

Gone - The requested token is expired.

423

Locked - Account is temporarily locked due to failed consecutive login attempts. Try again in 30 minutes.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - The requested service is temporarily unavailable. Please try again later.

default

Error

post/login_with_password
Request samples
application/json
{
  • "email": "user@example.com",
  • "password": {
    }
}
Response samples
application/json
{
  • "token": "string",
  • "tokenType": "NO_TYPE",
  • "identity": {
    },
  • "credentials": {
    }
}

Login via biometrics

Trigger a push notification and subsequent biometric authentication of a user, by providing the email that was used in the enrolment process of biometrics.

This endpoint can be used in conjunction with your application to authenticate a user and receive a stepped-up token in a single action, for use in-session for any endpoints or UI components that require step-up authentication.

Given that the user credentials are correct, a push notification is sent to the user requesting them to complete biometric authentication. On successful completion of authentication, a token will be shared that can be used for endpoints or UI components that require a stepped-up token.

Securityapi_key
Request
Request Body schema: application/json
required
email
required
string <email> (Email)

E-mail Address of the user

object (IdentityId)
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

The authentication credentials are not found or are incorrect.

409

Conflict

423

Locked - Account is temporarily locked due to failed consecutive login attempts. Try again in 30 minutes.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - The requested service is temporarily unavailable. Please try again later.

default

Error

post/login_via_biometrics
Request samples
application/json
{
  • "email": "user@example.com",
  • "identity": {
    }
}
Response samples
application/json
{
  • "challengeId": "string"
}

Get user identities

Retrieves a list of identities available to the holder of the token.

Security(auth_token and api_key) or api_key
Request
query Parameters
offset
integer >= 0

The number of results to skip from the beginning of the dataset.

limit
integer [ 1 .. 100 ]

The maximum number of identities to return.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - The requested service is temporarily unavailable. Please try again later.

default

Error

get/identities
Request samples 
Response samples 
application/json
{
  • "identities": [
    ],
  • "count": 0,
  • "responseCount": 0
}
Logout
Logs out the user and terminates the session identified by the auth_token in the Authorization Header.


Securityauth_token and api_key 
Responses 
200
Success


204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - The requested service is temporarily unavailable. Please try again later.


default
Error


post/logout
Request samples 
Response samples 
application/json
{
  • "url": "string"
}
Acquire a new access token
This API endpoint accepts a POST request with an auth_token parameter and returns an access_token that grants authorized access to additional resources within the API, with a different expiration time and unique signature.


Security(auth_token and api_key) or api_key 
Request 
Request Body schema: application/json
required
required
object (IdentityId) 
 
clientAssertion
string
Generated using the certificate linked to the Delegated API Client. This feature is available only to customers that have been enabled with delegation functionality.


 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
The auth token is not specified or is incorrect.


423
Locked - Account is temporarily locked due to failed consecutive login attempts. Try again in 30 minutes.


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - The requested service is temporarily unavailable. Please try again later.


default
Error


post/access_token
Request samples 
application/json
{
  • "identity": {
    },
  • "clientAssertion": "string"
}
Response samples 
application/json
{
  • "token": "string",
  • "identity": {
    },
  • "credentials": {
    },
  • "status": "STANDARD"
}
➔ Next to Passwords