
App User Auth API

The App User Auth API allows the App users to carry out user authentication & authorization functions in the App.

Endpoints


Check account

This endpoint checks whether the account exists in the database.

Request (UserCheckAccountReqDTO)

POST /app/auth/account/check
{
"loginID": "test@aritaone.com"
}

Response (UserCheckAccountResDTO)

{
"success": true,
"message": "",
"data": {
"accountType": 1,
"exists": true,
"setPassword": true
}
}

{
"success": false,
"message": "輸入的用戶名不存在",
"data": null
}

Get email phone by username

This endpoint returns the blurred email and phone of the user by username.

Request (GetEmailPhoneReqDTO)

POST /app/auth/username/info
{
"username": "OZFQkAz5"
}

Response (GetEmailPhoneResDTO)

{
"success": true,
"message": "",
"data": {
"email": "bi*****@*****.com",
"phone": "******27"
}
}

Get email phone

This endpoint returns the unblurred email and phone of the user.

Request

GET /app/auth/info

Response (GetEmailPhoneUnblurredResDTO)

{
"success": true,
"message": "",
"data": {
"email": "test@aritaone.com",
"phone": "68098227"
}
}

Login user

This endpoint authenticates the user and returns an access token.

Request (UserLoginReqDTO)

POST /app/auth/login
{
"loginID": "test@aritaone.com",
"password": "PasghWgf",
"deviceToken": "1234567890"
}

Response (UserLoginResDTO)

{
"success": true,
"message": "",
"data": {
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyZGUwYjg3Ni1jNmM2LTExZWQtYTQ5Yy0wMjQyYWMxMjAwMDIiLCJleHAiOjE2NzkyODc3Mjd9.9c6BUnxi0Rruag2OCJKiHWquRf830Ma9yeI-atSH-TQ"
}
}

Send OTP

This endpoint triggers the four-digit one-time password (OTP) verification for an email or phone.

Request (OtpReqDTO)

POST /app/auth/otp
{
"nature": 1,
"loginID": "test@aritaone.com",
"sendType": 0
}

Response (OtpResDTO)

{
"success": true,
"message": "",
"data": {
"otpToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcnkiOiIyMDI0LTA0LTIzVDA5OjA0OjQ1WiIsImxvZ2luSUQiOiJ0ZXN0QGFyaXRhb25lLmNvbSIsIm5hdHVyZSI6MX0.iTIbn6BUqsAAxLVrTSHYxkLV39ajcp8H-PL_KYb_3OI"
}
}

Login verify OTP

This endpoint verifies the one-time password for login.

Request (OtpVerificationReqDTO)

POST /app/auth/login/verify
{
"otp": 37695,
"otpToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcnkiOiIyMDI0LTA0LTIzVDA5OjA0OjQ1WiIsImxvZ2luSUQiOiJ0ZXN0QGFyaXRhb25lLmNvbSIsIm5hdHVyZSI6MX0.iTIbn6BUqsAAxLVrTSHYxkLV39ajcp8H-PL_KYb_3OI"
}

Response

{
"success": true,
"message": "",
"data": {
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyZGUwYjg3Ni1jNmM2LTExZWQtYTQ5Yy0wMjQyYWMxMjAwMDIiLCJleHAiOjE2NzkyODc3Mjd9.9c6BUnxi0Rruag2OCJKiHWquRf830Ma9yeI-atSH-TQ"
}
}

Signup verify OTP

This endpoint verifies the one-time password for signup.

Request (OtpVerificationReqDTO)

POST /app/auth/signup/verify
{
"otp": 37695,
"otpToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcnkiOiIyMDI0LTA0LTIzVDA5OjA0OjQ1WiIsImxvZ2luSUQiOiJ0ZXN0QGFyaXRhb25lLmNvbSIsIm5hdHVyZSI6MX0.iTIbn6BUqsAAxLVrTSHYxkLV39ajcp8H-PL_KYb_3OI"
}

Response

{
"success": true,
"message": "",
"data": {
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyZGUwYjg3Ni1jNmM2LTExZWQtYTQ5Yy0wMjQyYWMxMjAwMDIiLCJleHAiOjE2NzkyODc3Mjd9.9c6BUnxi0Rruag2OCJKiHWquRf830Ma9yeI-atSH-TQ"
}
}

Forgot password verify OTP

This endpoint verifies the one-time password before the password is set.

Request (OtpVerificationReqDTO)

POST /app/auth/forgot-password/verify
{
"otp": 37695,
"otpToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHBpcnkiOiIyMDI0LTA0LTIzVDA5OjA0OjQ1WiIsImxvZ2luSUQiOiJ0ZXN0QGFyaXRhb25lLmNvbSIsIm5hdHVyZSI6MX0.iTIbn6BUqsAAxLVrTSHYxkLV39ajcp8H-PL_KYb_3OI"
}

Response

{
"success": true,
"message": "",
"data": {
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyZGUwYjg3Ni1jNmM2LTExZWQtYTQ5Yy0wMjQyYWMxMjAwMDIiLCJleHAiOjE2NzkyODc3Mjd9.9c6BUnxi0Rruag2OCJKiHWquRf830Ma9yeI-atSH-TQ"
}
}
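
The three verify endpoints above share OtpVerificationReqDTO, and the sample otpToken decodes to an HS256 JWT carrying `expiry`, `loginID` and `nature` claims. The following is an added example, not this API's own code, of a server-side check that pins the algorithm, verifies the signature and expiry, and rejects a token whose `nature` does not belong to the endpoint it is presented to. The signing key, the function names and the endpoint-to-nature mapping are assumptions.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

# Assumed mapping: each verify endpoint accepts only its own OtpNature value.
EXPECTED_NATURE = {
    "/app/auth/login/verify": 1,            # LOGIN
    "/app/auth/signup/verify": 2,           # SIGNUP
    "/app/auth/forgot-password/verify": 3,  # RESET_PASSWORD
}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # format of the "expiry" claim in the page's sample token

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_otp_token(key, login_id, nature, expiry):
    """Hypothetical issuer, included so the check below has a token to verify."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"expiry": expiry.strftime(TIME_FMT), "loginID": login_id, "nature": nature}
    body = f"{header}.{b64url(json.dumps(claims).encode())}"
    return f"{body}.{b64url(sign(key, body))}"

def check_otp_token(key, token, endpoint, now):
    """Return the claims if the token is valid for this endpoint; raise ValueError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(unb64url(header_b64))
        sig = unb64url(sig_b64)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Verify the signature before parsing or trusting any claim.
    if not hmac.compare_digest(sig, sign(key, f"{header_b64}.{payload_b64}")):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(payload_b64))
    expiry = datetime.strptime(claims["expiry"], TIME_FMT).replace(tzinfo=timezone.utc)
    if now >= expiry:
        raise ValueError("expired")
    if endpoint not in EXPECTED_NATURE or claims["nature"] != EXPECTED_NATURE[endpoint]:
        raise ValueError("nature does not match endpoint")
    return claims
```

The OTP digits are not among the token's claims, so comparing the submitted code and limiting attempts per token remain separate server-side checks.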

Set user password

Request (UserSetPasswordReqDTO)

POST /app/auth/password
{
"password": "gdfhdjo33"
}

Response

{
"success": true,
"message": "",
"data": null
}

Forgot reset user password

Request (UserSetPasswordReqDTO)

PUT /app/auth/password
{
"password": "gdfhdjo33"
}

Response

{
"success": true,
"message": "",
"data": null
}

Logout user

This endpoint logs the user out.

Request

DELETE /app/auth/logout

Response

{
"success": true,
"message": "",
"data": null
}

Upload device token

Request (DeviceTokenReqDTO)

PUT /app/auth/device-token
{
"deviceToken": "D2fdAbE5e9bcAFDBE5bEeED3b795ecf44B35e99B6D28591429fEE6B7C0BcCed1"
}

Response

{
"success": true,
"message": "",
"data": null
}


Resources

UserCheckAccountReqDTO

properties
  • loginID
    string
    required
    The login identification. This field can be login email, login phone or login username.

UserCheckAccountResDTO

properties
  • accountType
    accountType
    required
    check account type: 1 - username, 2 - email, 3 - phone.
  • exists
    boolean
    required
    Whether the account exists.
  • setPassword
    boolean
    It indicates if the user has set password or not.

UserLoginReqDTO

properties
  • loginID
    string
    required
    The login identification. This field can be login email, login phone or login username.
  • password
    string
    required
    The login password.
  • deviceToken
    string
    required
    The device token.

UserLoginResDTO

properties
  • accessToken
    string
    required
    The access token generated for access to the JCCI resources.

OtpReqDTO

properties
  • nature
    OtpNature
    required
    The nature of OTP.
  • loginID
    string
    required
    The login identification. This field can be login email or login phone. Login username is not supported in this method
  • sendType
    default:  0
    If loginID is email or phone, sendType has to be 0; if loginID is username, sendType = 1 will send sms to email and sendType = 2 will send sms to phone.

OtpResDTO

properties
  • otpToken
    string
    required
    Token is generated with expiry time, loginID and nature of OTP.
    The token generated for verification.

OtpVerificationReqDTO

properties
  • otp
    integer
    required
    The four-digit verification code.
  • otpToken
    string
    required
    Token is generated with expiry time, loginID and nature of OTP.
    The token generated for verification.

UserSetPasswordReqDTO

properties
  • password
    string
    required
    [6 ... 40]
    at least 6 chars
    at most 40 chars
    only letters, numbers and special characters are allowed
    The login password. If password is not provided, it will be generated randomly by system.

DeviceTokenReqDTO

properties
  • deviceToken
    string
    required
    [1 ... 255]
    The device token to identify the specific device.

GetEmailPhoneReqDTO

properties
  • username
    string
    required
    The username of the user

GetEmailPhoneResDTO

properties
  • email
    string
    required
    The blurred email. If this is null, it means the username is linked to an email.
  • phone
    string
    required
    The blurred phone. If this is null, it means the username is linked to a phone

GetEmailPhoneUnblurredResDTO

properties
  • email
    string
    required
    The email. If this is null, it means the username is linked to an email.
  • phone
    string
    required
    The phone. If this is null, it means the username is linked to a phone


OtpNature

| Name | Value | Description |
| --- | --- | --- |
| LOGIN | 1 | User for login |
| SIGNUP | 2 | The users signup |
| RESET_PASSWORD | 3 | The users need to verify their identity in the flow of "reset password" or "forgot password" |
| UPDATE_EMAIL | 4 | The users update their own email or link the account to an email |
| UPDATE_PHONE | 5 | The users update their own phone or link the account to a phone |

AccountType

| Name | Value |
| --- | --- |
| Username | 1 |
| Email | 2 |
| Phone | 3 |

DeviceType

| Name | Value |
| --- | --- |
| IOS | 0 |
| ANDROID | 1 |
| ANDROID OTHER | 2 |

SendType

| Name | Value |
| --- | --- |
| NONE | 0 |
| EMAIL | 1 |
| PHONE | 2 |