Authentication
All API methods, except those related to user registration, require client authorization.
List of Authentication API methods
Description | URL | HTTP method |
---|---|---|
Login | https://auth.waviot.com/?action=user-login&true_api=1 | POST |
Update tokens | https://auth.waviot.com/?action=user-refresh | POST or GET |
Logout | https://auth.waviot.com/?action=user-logout | POST |
Sign up | https://auth.waviot.com/?action=user | POST |
Get main user data | https://auth.waviot.com/?action=get-whoAmI | GET |
Edit main user data | https://auth.waviot.com/?action=user | POST |
Get additional user data | https://auth.waviot.com/?action=get-accounts_settings | GET |
Edit additional user data | https://auth.waviot.com/?action=set-accounts_settings | POST |
Change user password | https://auth.waviot.com/?action=user-password | POST |
Get authorization history | https://auth.waviot.com/?action=user-auth_history | GET |
Send an email recovery message | https://auth.waviot.com/?action=user-recovery_password | POST |
Authorization
Authorization involves sending the login and password over a secure channel and receiving a JSON Web Token (JWT) in response. JSON Web Tokens are an open industry standard (RFC 7519) for representing claims securely between two parties. The JWT is returned in the body of the response to the authorization request and is stored in browser cookies. All API methods check for the presence of the JWT. If it is missing or expired, every method returns a 400 error and states the cause in the response body.

    POST https://auth.waviot.com/?action=user-login&true_api=1
    Content-type: application/json
    X-requested-with: XMLHttpRequest

    {"login": "example@example.com","password": "your_password"}

The server response in case of the correct login/password pair:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "sc": "...",
      "rt": "...",
      "WAVIOT_JWT": "...",
      "sessid": "..."
    }

The server response in case of the incorrect login/password pair:

    HTTP/1.1 400 Bad Request
    Content-Type: application/json; charset=UTF-8

    {"status":false,"message":"incorrect login/password pair"}

When sending requests requiring authentication, it is necessary to attach the received token to the request’s headers.
Update tokens

    POST|GET https://auth.waviot.com/?action=user-refresh
    Content-type: application/json
    X-requested-with: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

    {"login": "example@example.com","password": "your_password"}

The server response in case of the correct login/password pair:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "sc": "...",
      "rt": "...",
      "WAVIOT_JWT": "...",
      "sessid": "..."
    }

The server response in case of the incorrect login/password pair or if the user was unauthorized:

    HTTP/1.1 401 Unauthorized

When sending requests requiring authentication, it is necessary to attach the received token to the request’s headers.
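The token handling described above, as an added Python example (not WAVIoT's own code): it attaches the JWT as `Authorization: bearer` and calls `user-refresh` shortly before the token expires instead of waiting for the 400. Assumptions: the JWT carries the RFC 7519 `exp` claim, `rt` and `sessid` are sent back under the same cookie names, the refresh call needs no request body, and `Session`, `sample_tokens` and `fake_send` are names made up for this example.

```python
import base64
import json

BASE = "https://auth.waviot.com/"  # endpoint host as listed on this page

def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying it: used only to schedule a refresh."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

class Session:
    def __init__(self, send, tokens: dict, skew: int = 60):
        self.send, self.tokens, self.skew = send, tokens, skew

    def headers(self) -> dict:
        t = self.tokens  # assumption: rt and sessid go back under the same cookie names
        return {"X-Requested-With": "XMLHttpRequest",
                "Authorization": "bearer " + t["WAVIOT_JWT"],
                "Cookie": f"rt={t['rt']};sessid={t['sessid']};"}

    def expiring(self, now: float) -> bool:
        exp = jwt_claims(self.tokens["WAVIOT_JWT"]).get("exp")  # assumed RFC 7519 claim
        return exp is None or now >= exp - self.skew

    def refresh(self) -> None:
        status, body = self.send("POST", BASE + "?action=user-refresh", self.headers())
        if status == 401:  # documented refresh failure: a new login is required
            raise PermissionError("refresh rejected, log in again")
        if status != 200:
            raise RuntimeError(f"unexpected refresh status {status}")
        self.tokens = body  # replace sc, rt, WAVIOT_JWT and sessid together

    def get(self, action: str, now: float):
        if self.expiring(now):  # refresh first rather than wait for the 400
            self.refresh()
        return self.send("GET", BASE + "?action=" + action, self.headers())

def sample_tokens(exp: int, tag: str) -> dict:
    """Constructed, unsigned sample shaped like the login response on this page."""
    body = base64.urlsafe_b64encode(json.dumps({"exp": exp}).encode()).rstrip(b"=").decode()
    return {"sc": "sc-" + tag, "rt": "rt-" + tag, "sessid": "sid-" + tag,
            "WAVIOT_JWT": "e30." + body + ".sig"}  # "e30" is base64url for {}

def fake_send(method, url, headers):
    """Constructed offline stand-in for the HTTP transport."""
    if "user-refresh" in url:
        return (200, sample_tokens(2000, "new")) if "rt=rt-old" in headers["Cookie"] else (401, None)
    return 200, {"seen": headers["Authorization"]}
```

The payload is decoded without signature verification, so the `exp` value is only a hint for when to refresh; the server remains the authority on whether a token is accepted.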
Logout

    POST https://auth.waviot.com/?action=user-logout
    Content-type: application/json
    X-requested-with: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

For ordinary requests the server responds with HTTP/1.1 302; for requests with the header X-requested-with: XMLHttpRequest it responds with HTTP/1.1 200 OK.
Sign up

    POST https://auth.waviot.com/?action=user
    Content-type: application/json
    X-Requested-With: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

    {
      "lastName": "Smith",
      "firstName": "Jack",
      "headEmail": "example@waviot.com",
      "phone": "11234567890",
      "password": "yet_another_password",
      "repPassword": "yet_another_password"
    }

The server response in case of successful registration:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "success": true,
      "message": "Registration successfully completed, to continue working with the service the confirmation of the email or phone number is required."
    }

The server response in case of unsuccessful registration:

    HTTP/1.1 500 Internal Server Error

OR

    HTTP/1.1 400 Bad Request
    Content-Type: application/json; charset=UTF-8

    {
      "success": false,
      "message": "There was an error during registration: wrong email address."
    }

Get main user data

    GET https://auth.waviot.com/?action=get-whoAmI
    Content-type: application/json
    X-requested-with: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

The server response in case of successful request:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "account_id": "9edde2c0-548d-11e9-9ccc-0cc41a1673e1",
      "lastName": "Smith",
      "firstName": "Jack",
      "headEmail": "demo@demo.com",
      "emailConfirmed": "1",
      "createdTS": "1560160621",
      "confirmTS": "1560160695",
      "birthday": null,
      "phone": "11234567890",
      "phoneConfirmed": "1",
      "balance": "0",
      "b_id": "1129",
      "lk_id": "5247",
      "location": "us",
      "language": "en",
      "activity": "1"
    }

The server response in case of unsuccessful request:

    HTTP/1.1 400 Bad Request

    400 Unauthorized

Edit main user data

    POST https://auth.waviot.com/?action=user
    Content-type: application/json
    X-Requested-With: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

    {
      "lastName": "Smith",
      "firstName": "Jack",
      "headEmail": "example@waviot.com",
      "phone": "11234567890"
    }

The server response in case of successful data update:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "success": true,
      "message": "User data have been updated."
    }

The server response in case of unsuccessful data update:

    HTTP/1.1 400 Bad Request
    Content-Type: application/json; charset=UTF-8

    {
      "success": false,
      "message": "Invalid Data Provided."
    }

Get additional user data

    GET https://auth.waviot.com/?action=get-accounts_settings
    X-Requested-With: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;
    Authorization: bearer [JWT]

The server response in case of successful request:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "api": [
        { "name": "notifications-meters__email", "createdTS": 1560237687, "value": "1" },
        { "name": "notifications-meters__push", "createdTS": 1560237686, "value": "1" },
        { "name": "notifications-tariffs__email", "createdTS": 1560237685, "value": "1" },
        { "name": "notifications-tariffs__push", "createdTS": 1560237684, "value": "1" }
      ]
    }

The server response in case of unsuccessful request:

    HTTP/1.1 400 Bad Request

    400 Unauthorized

Edit additional user data

    POST https://auth.waviot.com/?action=set-accounts_settings
    X-Requested-With: XMLHttpRequest
    Content-type: application/json
    Authorization: bearer [JWT]
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

    {"notifications-tariffs__push": 1, "notifications-tariffs__sms": 1, "notifications-tariffs__email": 0}

The server response in case of successful request:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "success": true,
      "set_count": 3,
      "result": {
        "notifications-tariffs__push": true,
        "notifications-tariffs__sms": true,
        "notifications-tariffs__email": true
      }
    }

The server response in case of unsuccessful request:

    HTTP/1.1 400 Bad Request

    400 Unauthorized

Change user password

    POST https://auth.waviot.com/?action=user-password
    Content-type: application/json
    X-requested-with: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

    {"password_old":"VksfUY!4","password_new":"whejMNnsd"}

The server response in case of successful password change:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {"success": true}

The server response in case of unsuccessful password change:

    HTTP/1.1 400 Bad Request
    Content-Type: application/json; charset=UTF-8

    {
      "code": 400,
      "message": "Incorrect request",
      "result": {
        "errors": {
          "password_old": "Old password is not provided",
          "password_new": "New password is not provided"
        }
      }
    }

Get authorization history

    GET https://auth.waviot.com/?action=user-auth_history
    X-requested-with: XMLHttpRequest
    cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

The server response in case of successful request:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    [
      {
        "date_time": "25.07.2019 11:51:08",
        "browser": { "family": "Chrome", "version": "75.0.3770" },
        "operating_system": { "family": "Mac OS X", "version": "10.14.6" },
        "device": { "brand": null, "family": "Other", "model": null },
        "ts": "1564044668",
        "country": { "id": 185, "iso": "RU", "lat": 60, "lon": 100, "name_en": "France" },
        "city": { "id": 524901, "lat": 55.75222, "lon": 37.61556, "name_en": "Paris" },
        "map_links": { "google": "https://google.com/maps/search/xx.xxxxx,xx.xxxxx" },
        "type": "browser",
        "ip": "185.9.231.191",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
      },
      {
        "date_time": "24.07.2019 19:02:13",
        "browser": { "family": "Chrome", "version": "75.0.3770" },
        "operating_system": { "family": "Mac OS X", "version": "10.14.6" },
        "device": { "brand": null, "family": "Other", "model": null },
        "ts": "1563984133",
        "country": { "id": 185, "lat": 60, "lon": 100, "name_en": "France" },
        "city": { "id": 524901, "lat": 55.75222, "lon": 37.61556, "name_en": "Paris" },
        "map_links": { "google": "https://google.com/maps/search/xx.xxxxx,xx.xxxxx" },
        "type": "browser",
        "ip": "151.101.231.191",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
      }
    ]

The server response in case of unsuccessful request:

    HTTP/1.1 400 Bad Request

    400 Unauthorized

Send an email recovery message

    POST https://auth.waviot.com/?action=user-recovery_password
    Content-type: application/json
    X-requested-with: XMLHttpRequest
    Cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

    {"email":"user@demo.com"}

The server response in case of successful request:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "message": "Email with password recovery link sent.",
      "success": true,
      "type": "email"
    }

The server response in case of unsuccessful request:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8

    {
      "message": "The specified email was not found",
      "success": false,
      "type": "email"
    }