Authentication and Authorization API
Every user has to authenticate with ConnectyCube before using any ConnectyCube functionality.
When someone connects with an application using ConnectyCube, the application needs to obtain a session token, which provides temporary, secure access to ConnectyCube APIs. By default, a session token is valid for 2 hours. Any API request prolongs the token's validity for another 2 hours.
A session token is an opaque string that identifies a user and an application.
Create session token
As a starting point, a session token must be created for the user; it allows the user to perform any further actions within the app. Pass login/email and password to identify a user:
Endpoint
POST https://api.connectycube.com/session
Parameters
Parameter | Required | Description |
---|---|---|
user[login] | Yes* | User’s login |
user[email] | Yes* | User’s email |
user[password] | Yes | User’s Password |
provider | Optional | Possible values: facebook, twitter, firebase_phone, firebase_email |
keys[token] | Optional | Social network provider’s access token |
keys[secret] | Optional, for Twitter only | Social network provider’s access token secret |
firebase_phone[project_id] | Optional, for Firebase only | Firebase project ID - the unique identifier for your Firebase project |
firebase_phone[access_token] | Optional, for Firebase only | Firebase user’s ID token |
firebase_email[project_id] | Optional, for Firebase only | Firebase project ID - the unique identifier for your Firebase project |
firebase_email[access_token] | Optional, for Firebase only | Firebase user’s ID token |
There are four available sets of data to specify when creating a session with a user:
- login and password
- email and password
- provider + keys[token] and keys[secret] - when signing up with Facebook or Twitter
- provider + firebase_phone[project_id] and firebase_phone[access_token] - when signing up with a phone number
- provider + firebase_email[project_id] and firebase_email[access_token] - when signing up with an email
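The credential-set rule above can be enforced on the client before anything is sent. The following is an added example, not ConnectyCube code: `build_session_body` is a hypothetical helper, and the nesting of `provider`, `keys` and the Firebase parameters in the JSON body is assumed to follow the `user` object shown in the request example on this page.

```python
import json

SOCIAL = {"facebook", "twitter"}
FIREBASE = {"firebase_phone", "firebase_email"}

def build_session_body(application_id, auth_key, timestamp, *, login=None,
                       email=None, password=None, provider=None,
                       keys=None, firebase=None):
    """Build the POST /session JSON body from exactly one credential set."""
    body = {"application_id": application_id, "auth_key": auth_key,
            "timestamp": timestamp}
    has_password_creds = any(v is not None for v in (login, email, password))
    if provider is None:
        # login + password, or email + password
        if keys or firebase:
            raise ValueError("keys/firebase data needs a provider")
        if (login is None) == (email is None):
            raise ValueError("pass exactly one of login or email")
        if not password:
            raise ValueError("password is required with login/email")
        ident = {"login": login} if login is not None else {"email": email}
        body["user"] = {**ident, "password": password}
        return json.dumps(body)
    if has_password_creds:
        raise ValueError("do not mix a provider with login/email/password")
    if provider in SOCIAL:
        # provider + keys[token]; keys[secret] is documented for Twitter only
        keys = dict(keys or {})
        if firebase or not keys.get("token"):
            raise ValueError("social providers need keys[token] only")
        if "secret" in keys and provider != "twitter":
            raise ValueError("keys[secret] is for Twitter only")
        body.update(provider=provider, keys=keys)
    elif provider in FIREBASE:
        # provider + <provider>[project_id] and <provider>[access_token]
        fb = firebase or {}
        if keys or not (fb.get("project_id") and fb.get("access_token")):
            raise ValueError(f"{provider} needs project_id and access_token")
        # Assumption: bracketed names nest in JSON the way user[...] does.
        body.update({"provider": provider, provider: {
            "project_id": fb["project_id"], "access_token": fb["access_token"]}})
    else:
        raise ValueError(f"unknown provider: {provider!r}")
    return json.dumps(body)
```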
Request example
```bash
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"application_id": "1", "auth_key": "29WfrNWdvkhmX6V", "timestamp": "1544010993", "user":{"login": "john", "password": "11111111"}}' \
  https://api.connectycube.com/session
```
Response
```json
{
  "session": {
    "id": 111,
    "user_id": 111,
    "application_id": 1,
    "token": "83153a14fb2df777c2f866178902a4bb15000001",
    "ts": 1544010993,
    "created_at": "2018-12-05T11:58:02Z",
    "updated_at": "2018-12-05T11:58:02Z",
    "user": {
      "id": 81,
      "full_name": "John Smith",
      "email": "johnsmith@domain.com",
      "login": "john",
      "phone": "380665787842",
      "website": null,
      "created_at": "2018-06-15T14:20:54Z",
      "updated_at": "2018-12-05T11:58:02Z",
      "last_request_at": "2018-12-05T11:58:02Z",
      "external_user_id": null,
      "facebook_id": null,
      "twitter_id": null,
      "custom_data": "",
      "blob_id": null,
      "avatar": "",
      "user_tags": null
    }
  }
}
```
Note: With the request above, the user is created automatically on the fly upon session creation using the login (or email) and password from the request parameters.
Important: For better security it is recommended to deny the session creation without an existing user.
For this, set ‘Session creation without an existing user entity’ to Deny under the Application -> Overview -> Permissions in the admin panel.
Create session with Guest User
A session can be created with a temporary guest user. The guest user is created automatically, and the session with the guest user is valid for 1 day, after which the user is automatically deleted.
NOTE: A guest user can't be authorized by login/email and password.
Parameters
Parameter | Required | Description |
---|---|---|
user[guest] | No | Define creating session with temporary guest user |
user[full_name] | No | Set guest user full_name |
Request example
```bash
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"application_id": "1", "auth_key": "29WfrNWdvkhmX6V", "timestamp": "1678966390", "user":{"guest": "1", "full_name": "Olof Shodger"}}' \
  https://api.connectycube.com/session
```
Response
```json
{
  "session": {
    "application_id": 1,
    "token": "3E5CDBE3743E33DC820E012BF81BCD77ABFF",
    "created_at": "2023-03-16T11:33:10Z",
    "updated_at": "2023-03-16T11:33:10Z",
    "ts": 1678966390,
    "user_id": 900265,
    "id": 900265,
    "user": {
      "_id": "6412fe76d6600d1d3d67877d",
      "id": 900265,
      "created_at": "2023-03-16T11:33:10Z",
      "updated_at": "2023-03-16T11:33:10Z",
      "login": "guest_login_328A465366359BDDB984904D49EAD187B524",
      "full_name": "Olof Shodger",
      "is_guest": true,
      "last_request_at": null,
      "timezone": null,
      "email": null,
      "phone": "",
      "website": null,
      "twitter_id": null,
      "external_user_id": null,
      "facebook_id": null,
      "custom_data": null,
      "user_tags": null,
      "avatar": null,
      "external_id": null
    }
  }
}
```
Get information about session
Retrieves information about the current (active) session from the token specified in a header.
Endpoint
GET https://api.connectycube.com/session
Request example
```bash
curl -X GET \
  -H "CB-Token: <TOKEN>" \
  https://api.connectycube.com/session
```
Response
```json
{
  "session": {
    "id": 219606,
    "user_id": 47592,
    "application_id": 212,
    "token": "66e8aef2757404f3c7c2488f17ebdd8b8a0000d4",
    "ts": 1544083714,
    "created_at": "2018-12-06T08:08:35Z",
    "updated_at": "2018-12-06T08:08:35Z",
    "user": {
      "id": 47592,
      "full_name": "John Smith",
      "email": "johnsmith@gmail.com",
      "login": "johnsmith",
      "phone": null,
      "website": null,
      "created_at": "2018-11-23T09:42:36Z",
      "updated_at": "2018-12-06T08:08:35Z",
      "last_request_at": "2018-12-06T08:08:35Z",
      "external_user_id": null,
      "facebook_id": null,
      "twitter_id": null,
      "blob_id": null,
      "custom_data": null,
      "avatar": null,
      "user_tags": null
    }
  }
}
```
Destroy session
The request destroys all of the data associated with the current session.
Endpoint
DELETE https://api.connectycube.com/session
Request example
```bash
curl -X DELETE \
  -H "CB-Token: <TOKEN>" \
  https://api.connectycube.com/session
```
Response
Status: 200
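The token lifetime rules described on this page (2-hour default validity, prolonged by any API request, sent in the CB-Token header, ended by DELETE /session) can be modelled on the client. This is an added example, not ConnectyCube code: `TrackedSession` and the sample response are constructed for illustration, and the local expiry is only an estimate, since the server remains authoritative.

```python
import json
from datetime import timedelta

SESSION_TTL = timedelta(hours=2)  # default token validity stated on this page

# Constructed sample of a POST /session response (not real data).
SAMPLE_RESPONSE = json.dumps({"session": {
    "id": 1, "user_id": 81, "application_id": 1,
    "token": "constructed-token-0001", "user": {"id": 81, "login": "john"}}})

class SessionExpired(Exception):
    """The locally tracked token is expired or was destroyed."""

class TrackedSession:
    """Client-side record of one session token with a sliding expiry estimate."""

    def __init__(self, create_response, now):
        session = json.loads(create_response)["session"]
        self.user_id = session["user_id"]
        self._token = session["token"]
        self.expires_at = now + SESSION_TTL

    def headers(self, now):
        """Return the auth header for one API request and slide the window."""
        if self._token is None or now >= self.expires_at:
            self._token = None  # never reuse a token believed to be dead
            raise SessionExpired("create a new session")
        self.expires_at = now + SESSION_TTL  # any request prolongs validity
        return {"CB-Token": self._token}

    def mark_destroyed(self):
        """Call after DELETE /session returns 200 so the token is not kept."""
        self._token = None

    def __repr__(self):
        # Keep the bearer token out of logs and tracebacks.
        return f"<TrackedSession user_id={self.user_id} token=<redacted>>"
```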