Authentication

All API methods, except those related to user registration, require client authorization.

The authentication server for the cloud-based NB-Fi Server (WAVIoT IoT platform) is https://auth.waviot.com. If you have an on-premises NB-Fi Server, use its address instead.

Please don't forget to close sessions. For example, close the session when a script finishes working, or click the exit button in the desktop or mobile application. If the number of active sessions exceeds the maximum allowed of 30 sessions, the server will return an HTTP 429 error.

The maximum number of active sessions is limited to 30 per user account.

List of Authentication API methods

| Description | URL | HTTP method |
| --- | --- | --- |
| Login | https://auth.waviot.com/?action=user-login&true_api=1 | POST |
| Update tokens | https://auth.waviot.com/?action=user-refresh | POST or GET |
| Logout | https://auth.waviot.com/?action=user-logout | POST |
| Sign up | https://auth.waviot.com/?action=user | POST |
| Get main user data | https://auth.waviot.com/?action=get-whoAmI | GET |
| Edit main user data | https://auth.waviot.com/?action=user | POST |
| Get additional user data | https://auth.waviot.com/?action=get-accounts_settings | GET |
| Edit additional user data | https://auth.waviot.com/?action=set-accounts_settings | POST |
| Change user password | https://auth.waviot.com/?action=user-password | POST |
| Get authorization history | https://auth.waviot.com/?action=user-auth_history | GET |
| Send an email recovery message | https://auth.waviot.com/?action=user-recovery_password | POST |

Authorization

Authorization consists of sending the login and password over a secure channel and receiving a JSON Web Token (JWT) in response. JSON Web Tokens are an open industry standard (RFC 7519) method for representing claims securely between two parties. The JWT is returned in the body of the response to the authorization request and is stored in browser cookies. All API methods check for the presence of the JWT. If it is absent or expired, all methods return a 400 error and indicate the cause of the error in the response body.

POST https://auth.waviot.com/?action=user-login&true_api=1
Content-type: application/json
X-requested-with: XMLHttpRequest

{"login": "example@example.com","password": "your_password"}

The server response in case of the correct login/password pair:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "sc": "...",
  "rt": "...",
  "WAVIOT_JWT": "...",
  "sessid": "..."
}

The server response in case of the incorrect login/password pair:

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8

{"status":false,"message":"incorrect login/password pair"}

When sending requests requiring authentication, it is necessary to attach the received token to the request’s headers.


Update tokens

POST|GET https://auth.waviot.com/?action=user-refresh
Content-type: application/json
X-requested-with: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

{"login": "example@example.com","password": "your_password"}

The server response in case of the correct login/password pair:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "sc": "...",
  "rt": "...",
  "WAVIOT_JWT": "...",
  "sessid": "..."
}

The server response in case of the incorrect login/password pair or if the user was unauthorized:

HTTP/1.1 401 Unauthorized

When sending requests requiring authentication, it is necessary to attach the received token to the request’s headers.


Logout

POST https://auth.waviot.com/?action=user-logout
Content-type: application/json
X-requested-with: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

The server response to ordinary requests is HTTP/1.1 302; for requests with the header X-requested-with: XMLHttpRequest it is HTTP/1.1 200 OK.
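The login, token attachment and logout steps above, combined with the earlier advice to always close sessions, as an added example that is not WAVIoT's own code. The `WaviotSession` class and its injectable `transport` parameter are hypothetical names; it assumes the `rt` and `sessid` cookies carry the login response fields of the same name and that the 429 for too many sessions is seen at login.

```python
import json
import urllib.error
import urllib.request

AUTH = "https://auth.waviot.com/"  # on-premises: your NB-Fi Server's address


def http_transport(method, url, headers, body):
    """Real transport; returns (status, parsed JSON body or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    is_json = raw.lstrip()[:1] in (b"{", b"[")  # error bodies may be plain text
    return status, json.loads(raw) if is_json else None


class WaviotSession:
    """Logs in on entry and always logs out on exit, so sessions never leak."""
    def __init__(self, login, password, transport=http_transport):
        self._creds = {"login": login, "password": password}
        self._send, self.tokens = transport, None

    def _headers(self):
        h = {"Content-Type": "application/json", "X-Requested-With": "XMLHttpRequest"}
        if self.tokens:
            h["Authorization"] = "bearer " + self.tokens["WAVIOT_JWT"]
            # Assumption: rt/sessid cookies carry the login response fields of the same name.
            h["Cookie"] = "rt={rt};sessid={sessid};".format(**self.tokens)
        return h

    def __enter__(self):
        status, body = self._send("POST", AUTH + "?action=user-login&true_api=1", self._headers(), self._creds)
        if status == 429:  # more than 30 active sessions on this account
            raise RuntimeError("session limit reached; log out of unused sessions")
        if status != 200:
            raise PermissionError((body or {}).get("message", "login failed"))
        self.tokens = body
        return self

    def whoami(self):
        return self._send("GET", AUTH + "?action=get-whoAmI", self._headers(), None)

    def __exit__(self, *exc_info):
        if self.tokens:
            self._send("POST", AUTH + "?action=user-logout", self._headers(), None)
            self.tokens = None
```

Used as `with WaviotSession(login, password) as s: ...`, the logout request is sent even when the body of the `with` block raises, which keeps a crashing script from accumulating sessions toward the limit of 30.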


Sign up

POST https://auth.waviot.com/?action=user
Content-type: application/json
X-Requested-With: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

{
  "lastName": "Smith",
  "firstName": "Jack",
  "headEmail": "example@waviot.com",
  "phone": "11234567890",
  "password": "yet_another_password",
  "repPassword": "yet_another_password"
}

The server response in case of successful registration:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "success": true,
  "message": "Registration successfully completed, to continue working with the service the confirmation of the email or phone number is required."
}

The server response in case of unsuccessful registration:

HTTP/1.1 500 Internal Server Error

OR

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8

{
  "success": false,
  "message": "There was an error during registration: wrong email address."
}

Get main user data

GET https://auth.waviot.com/?action=get-whoAmI
Content-type: application/json
X-requested-with: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

The server response in case of successful request:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "account_id": "9edde2c0-548d-11e9-9ccc-0cc41a1673e1",
  "lastName": "Smith",
  "firstName": "Jack",
  "headEmail": "demo@demo.com",
  "emailConfirmed": "1",
  "createdTS": "1560160621",
  "confirmTS": "1560160695",
  "birthday": null,
  "phone": "11234567890",
  "phoneConfirmed": "1",
  "balance": "0",
  "b_id": "1129",
  "lk_id": "5247",
  "location": "us",
  "language": "en",
  "activity": "1"
}

The server response in case of unsuccessful request:

HTTP/1.1 400 Bad Request

400 Unauthorized

Edit main user data

POST https://auth.waviot.com/?action=user
Content-type: application/json
X-Requested-With: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

{
  "lastName": "Smith",
  "firstName": "Jack",
  "headEmail": "example@waviot.com",
  "phone": "11234567890"
}

The server response in case of successful data update:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "success": true,
  "message": "User data have been updated."
}

The server response in case of unsuccessful data update:

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8

{
  "success": false,
  "message": "Invalid Data Provided."
}

Get additional user data

GET https://auth.waviot.com/?action=get-accounts_settings
X-Requested-With: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;
Authorization: bearer [JWT]

The server response in case of successful request:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "api": [
    {
      "name": "notifications-meters__email",
      "createdTS": 1560237687,
      "value": "1"
    },
    {
      "name": "notifications-meters__push",
      "createdTS": 1560237686,
      "value": "1"
    },
    {
      "name": "notifications-tariffs__email",
      "createdTS": 1560237685,
      "value": "1"
    },
    {
      "name": "notifications-tariffs__push",
      "createdTS": 1560237684,
      "value": "1"
    }
  ]
}

The server response in case of unsuccessful request:

HTTP/1.1 400 Bad Request

400 Unauthorized

Edit additional user data

POST https://auth.waviot.com/?action=set-accounts_settings
X-Requested-With: XMLHttpRequest
Content-type: application/json
Authorization: bearer [JWT]
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

{"notifications-tariffs__push": 1, "notifications-tariffs__sms": 1, "notifications-tariffs__email": 0}

The server response in case of successful request:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "success": true,
  "set_count": 3,
  "result": {
    "notifications-tariffs__push": true,
    "notifications-tariffs__sms": true,
    "notifications-tariffs__email": true
  }
}

The server response in case of unsuccessful request:

HTTP/1.1 400 Bad Request

400 Unauthorized

Change user password

POST https://auth.waviot.com/?action=user-password
Content-type: application/json
X-requested-with: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

{"password_old":"VksfUY!4","password_new":"whejMNnsd"}

The server response in case of successful password change:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{"success": true}

The server response in case of unsuccessful password change:

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8

{
  "code": 400,
  "message": "Incorrect request",
  "result": {
    "errors": {
      "password_old": "Old password is not provided",
      "password_new": "New password is not provided"
    }
  }
}

Get authorization history

GET https://auth.waviot.com/?action=user-auth_history
X-requested-with: XMLHttpRequest
cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

The server response in case of successful request:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

[
  {
    "date_time": "25.07.2019 11:51:08",
    "browser": {
      "family": "Chrome",
      "version": "75.0.3770"
    },
    "operating_system": {
      "family": "Mac OS X",
      "version": "10.14.6"
    },
    "device": {
      "brand": null,
      "family": "Other",
      "model": null
    },
    "ts": "1564044668",
    "country": {
      "id": 185,
      "iso": "RU",
      "lat": 60,
      "lon": 100,
      "name_en": "France"
    },
    "city": {
      "id": 524901,
      "lat": 55.75222,
      "lon": 37.61556,
      "name_en": "Paris"
    },
    "map_links": {
      "google": "https://google.com/maps/search/xx.xxxxx,xx.xxxxx"
    },
    "type": "browser",
    "ip": "185.9.231.191",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
  },
  {
    "date_time": "24.07.2019 19:02:13",
    "browser": {
      "family": "Chrome",
      "version": "75.0.3770"
    },
    "operating_system": {
      "family": "Mac OS X",
      "version": "10.14.6"
    },
    "device": {
      "brand": null,
      "family": "Other",
      "model": null
    },
    "ts": "1563984133",
    "country": {
      "id": 185,
      "lat": 60,
      "lon": 100,
      "name_en": "France"
    },
    "city": {
      "id": 524901,
      "lat": 55.75222,
      "lon": 37.61556,
      "name_en": "Paris"
    },
    "map_links": {
      "google": "https://google.com/maps/search/xx.xxxxx,xx.xxxxx"
    },
    "type": "browser",
    "ip": "151.101.231.191",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
  }
]

The server response in case of unsuccessful request:

HTTP/1.1 400 Bad Request

400 Unauthorized

Send an email recovery message

POST https://auth.waviot.com/?action=user-recovery_password
Content-type: application/json
X-requested-with: XMLHttpRequest
Cookie: ck=324.....235;rt=fff.....324;sessid=553....3af;

{"email":"user@demo.com"}

The server response in case of successful request:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
   "message": "Email with password recovery link sent.",
   "success": true,
   "type": "email"
}

The server response in case of unsuccessful request:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
   "message": "The specified email was not found",
   "success": false,
   "type": "email"
}
