How can we help?

Searching:

0 results found

Authorizations/Login

POST /api/auth/login

Description

To get the authorization token for the Axonize REST API.

The following flow enables you to obtain the required authentication token to log in –

  • This Login request is sent with the required request parameters.
  • Axonize’s Authentication Provider validates the credentials that were supplied.

For valid credentials, one of the following responses is returned, depending on whether or not the MFA mechanism is enabled –

  • MFA Not Enabled A status code of 200 OK is returned in the response, as described below. The API client can use the authorization token to use the Axonize REST API endpoints. The following shows the login response when all login request parameters are satisfactory –

  public class LoginResponse : ILoginResponse

    {

        [DataMember(Name = “token”)]

        public string Token { get; set; }

 

        [DataMember(Name = “name”)]

        public string UserName;

 

        [DataMember(Name = “redirectUrl”)]

        public string RedirectUrl { get; set; }       

    }

  • MFA Enabled When valid login credentials are provided and MFA is enabled, this login response returns the status code Forbidden 403. In this case, the user must follow the flow described on page 194, in addition to the flow described above, to obtain the Axonize authentication token required for logging in.

Request Properties

There are two options for sending a Login request, as follows –

appId in the Header

In this case, the Application(s) to which the user is allowed access is specified in the appId of the Login request header. The appId is a unique Application identifier that is automatically generated by Axonize in response to the Application/Post request.

Property Type Description Mandatory
Email String User email Y
Password String User password Y

For example –

https://api.stg.axonize.com/api/auth/login \

  -H ‘Content-Type: application/json’ \

  -H ‘appId: be517433-c4b8-4788-9258-1ba220432134’ \

  -d ‘{“email”:”demousers@axonize.com”,”password”:”somePassword!”}’

URL in the Body

In this case, the Application(s) to which the user is allowed access is determined by the URL property in the body of the Login request (described below). In this case, there is no appId in the Login request header.

Property Type Description Mandatory
URL String This URL specifies the application to which the user is allowed access.
For example: myapp.stg.axonize.com or myapp.stg.axonize.com/mysubapp.
Y
Email String User email Y
Password String User password Y

For example –

curl -X POST \

  https://api.stg.axonize.com/api/auth/login \

  -H ‘Content-Type: application/json’ \

  -d ‘{“email”:”demo@user.com”,”password”:”somePassword”, 
  “url”:”demoapp.stg.axonize.com”}’

Response Properties

Property Type Description
Name String The user name.
Token String The authorization token that enables access to the Axonize REST API.
RedirectURL String For Internal use. The URL for SSO integration.

200 OK

{

    “name”: “some user name”,

    “token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9”,

    “redirectUrl”: null

}

If the login user name (email) or password is incorrect, then the response is 401.

See Also