Skip to content
This repository was archived by the owner on Jan 22, 2021. It is now read-only.

Authentication API

Jump to bottom
George Czabania edited this page Feb 19, 2014 · 2 revisions

Registration

This creates a new user. Do we need to add an XSRF token?

POST /auth/register

Parameters:

  • name : the user name
  • email : the user email address
  • password : the plaintext user password

Example Request:

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"name":"Sam","username":"crazycheese","password":"6qnDsxfhY6"}' \
  https://nitro-server.herokuapp.com/auth/register

Example Response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "id": 2,
  "name": "Sam",
  "email": "crazycheese@gmail.com",
  "pro": false,
  "createdAt": "2014-01-04T29:58:34.448Z",
  "sessionToken": "<token>"
}

Login

POST /auth/login

Parameters:

  • email : the user email address
  • password : the plaintext user password

Example Request:

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"email":"crazycheese@gmail.com","password":"6qnDsxfhY6"}' \
  https://nitro-server.herokuapp.com/auth/login

Example Response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "id": 2,
  "name": "Sam",
  "email": "crazycheese@gmail.com",
  "pro": false,
  "createdAt": "2014-01-04T29:58:34.448Z",
  "sessionToken": "<token>"
}

Refresh Token

Tokens expire in X hours (TODO: pick a number). The client should refresh the token before it expires, or else it will need to login again.

GET /api/refresh_token

Example Request:

curl -X GET \
  -H "Authorization: bearer <sessionToken>" \
  https://nitro-server.herokuapp.com/api/refresh_token

Example Response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "sessionToken": "<token>"
}

Clone this wiki locally