JSON API

Authentication

Invitation code generation (admin)

POST /invitations

  • REQUEST:
    • BODY:
          {
              "data": {
                  "type": "invitations"
              }
          }
      
    • HEADERS:
          Content-Type: application/vnd.api+json
          Accept: application/vnd.api+json
          Authorization: Bearer <string, previously generated auth token (verified user)>
      
  • RESPONSE:
    • Success:
      • Status: 201 Created
      • BODY:
              {
                  "data": {
                      "type": "invitations",
                      "id": "<invitation_id>",
                      "attributes": {
                          "code": "<invitation code>",
                          "status": "<[USED, UNUSED, LOCKED]>"
                      },
                      "links": {
                          "self": "<link for invitation status fetching>"
                      }
                  }
              }
        
    • Failure:
      • Status: 403 Forbidden, 400 Bad Request, 401 Unauthorized, 500 Internal Server Error
      • BODY:
              {
                  "errors": {
                      "id": "<string error id>",
                      "detail": "<human readable error description>"
                  }
              }
        

Account creation

POST /accounts

  • REQUEST:
    • BODY:
          {
              "data": {
                  "type": "accounts",
                  "attributes": {
                      "email": "<user email>"
                  },
                  "meta": {
                      "invitation_code": "<invitation_code>"
                  }
              }
          }
      
    • HEADERS:
          Content-Type: application/vnd.api+json
          Accept: application/vnd.api+json
      
  • RESPONSE:
    • Success:
      • Status: 202 Accepted
      • HEADERS:
              set-cookie: XSRF-TOKEN=<CSRF_TOKEN>; Secure; Expires=<date>; Max-Age=<number>; HttpOnly
        
      • BODY:
    • Failure:
      • Status: 403 Forbidden, 400 Bad Request, 500 Internal Server Error
      • BODY:
              {
                  "errors": {
                      "id": "<string error id>",
                      "detail": "<human readable error description>"
                  }
              }
        

Email verification

GET /verify?token=token_from_email

  • REQUEST:
    • HEADERS:
          X-XSRF-TOKEN: <CSRF_TOKEN>
          Content-Type: application/vnd.api+json
      
  • RESPONSE:
    • Success:
      • Status: 200 Accepted
      • BODY:
          {
              "access_token": "eyJz93a...k4laUWw",
              "refresh_token": "GEbRxBN...edjnXbL"
          }
        
    • Failure:
      • Status: 403 Forbidden, 400 Bad Request, 401 Unauthorized, 500 Internal Server Error
      • BODY:
              {
                  "errors": {
                      "id": "<string error id>",
                      "detail": "<human readable error description>"
                  }
              }
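
The account creation and email verification exchange documented above, as an added Python example that is not part of the API's own code: it builds both requests, checks that the set-cookie header carries the documented Secure and HttpOnly attributes, and reads the verification response. The function names are hypothetical, and the sample cookie, email address and invitation code are constructed values.

```python
import json
from http.cookies import SimpleCookie
from urllib.parse import urlencode

MEDIA_TYPE = "application/vnd.api+json"

def account_request(email, invitation_code):
    """POST /accounts as documented: no Authorization header, code in meta."""
    body = {"data": {"type": "accounts",
                     "attributes": {"email": email},
                     "meta": {"invitation_code": invitation_code}}}
    headers = {"Content-Type": MEDIA_TYPE, "Accept": MEDIA_TYPE}
    return "POST", "/accounts", headers, json.dumps(body)

def csrf_from_set_cookie(set_cookie):
    """Return the XSRF-TOKEN value from the 202 response's set-cookie header,
    refusing a cookie that lacks the documented Secure and HttpOnly attributes."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    morsel = jar.get("XSRF-TOKEN")
    if morsel is None or not morsel.value:
        raise ValueError("no XSRF-TOKEN cookie in response")
    missing = [attr for attr in ("secure", "httponly") if not morsel[attr]]
    if missing:
        raise ValueError("XSRF-TOKEN cookie lacks " + ", ".join(missing))
    return morsel.value

def verify_request(email_token, csrf_token):
    """GET /verify: the token from the email goes in the query string and the
    cookie's value is echoed in the X-XSRF-TOKEN header."""
    headers = {"X-XSRF-TOKEN": csrf_token, "Content-Type": MEDIA_TYPE}
    return "GET", "/verify?" + urlencode({"token": email_token}), headers

def tokens_from_verify(status, body):
    """Return (access_token, refresh_token) on 200, else raise with the error."""
    doc = json.loads(body)
    if status != 200:
        err = doc.get("errors", {})
        raise PermissionError(f"{status}: {err.get('id')}: {err.get('detail')}")
    return doc["access_token"], doc["refresh_token"]

# Constructed sample values, not captured from a real server.
SAMPLE_SET_COOKIE = ("XSRF-TOKEN=constructedCsrf123; Secure; "
                     "Expires=Wed, 01 Jan 2031 00:00:00 GMT; Max-Age=3600; HttpOnly")

if __name__ == "__main__":
    print(account_request("user@example.com", "INVITE-CONSTRUCTED"))
    csrf = csrf_from_set_cookie(SAMPLE_SET_COOKIE)
    print(verify_request("token from email", csrf))
```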
        

Coming soon

Web application verification flow