Provide your users a passwordless authentication experience
Authenticate the user using secured biometrics. This endpoint should be called from the user's browser. It will redirect the User Agent to the login page and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /token endpoint.
client_id required | string <= 150 characters Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV |
redirect_uri required | string URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal Example: redirect_uri=https://www.example.com/login |
create_new_user | boolean Default: true Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application. |
resource | string Resource URI the login is attempting to access. |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. Example: require_mfa=true |
login_hint | string Hint for the user's login identifier. Example: login_hint=user@acme.com |
custom_message | string Custom message to present on the consent screens, which provides authentication context details. Example: custom_message=Welcome to Acme |
verifications | string List of data verifications to try and execute, specified as a space-delimited string. Email address will be verified by default, but this can be used to request a verified phone number ( Example: verifications=phone |
ui_locales | string Preferred languages for the user interface, specified as a space-separated list of language tag values [RFC5646], ordered by preference. |
claims | string A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value. Example: claims={"id_token":{"roles":null}} |
state | string An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks |
nonce | string A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request |
Redirect with code
curl -i -X GET \
  'https://api.transmitsecurity.io/cis/v1/auth/webauthn?client_id=string&redirect_uri=string&create_new_user=true&resource=string&require_mfa=false&login_hint=string&custom_message=string&verifications=string&ui_locales=string&claims=string&state=string&nonce=string'
{
  "message": "Invalid redirect_uri",
  "error_code": 400
}
Authenticate the user using Sign in with Apple. This endpoint should be called from the user's browser. It will redirect the User Agent to the Apple IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /token endpoint.
client_id required | string <= 150 characters Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV |
redirect_uri required | string URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal Example: redirect_uri=https://www.example.com/login |
create_new_user | boolean Default: true Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application. |
resource | string Resource URI the login is attempting to access. |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. Example: require_mfa=true |
claims | string A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value. Example: claims={"id_token":{"roles":null}} |
state | string An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks |
nonce | string A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request |
Redirect with code
curl -i -X GET \
  'https://api.transmitsecurity.io/cis/v1/auth/apple?client_id=string&redirect_uri=string&create_new_user=true&resource=string&require_mfa=false&claims=string&state=string&nonce=string'
{
  "message": "Invalid redirect_uri",
  "error_code": 400
}
Authenticate the user using Facebook Login. This endpoint should be called from the user's browser. It will redirect the User Agent to the Facebook IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /token endpoint.
client_id required | string <= 150 characters Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV |
redirect_uri required | string URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal Example: redirect_uri=https://www.example.com/login |
create_new_user | boolean Default: true Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application. |
resource | string Resource URI the login is attempting to access. |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. Example: require_mfa=true |
claims | string A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value. Example: claims={"id_token":{"roles":null}} |
state | string An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks |
nonce | string A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request |
Redirect with code
curl -i -X GET \
  'https://api.transmitsecurity.io/cis/v1/auth/facebook?client_id=string&redirect_uri=string&create_new_user=true&resource=string&require_mfa=false&claims=string&state=string&nonce=string'
{
  "message": "Invalid redirect_uri",
  "error_code": 400
}
Authenticate the user using Google Sign-In. This endpoint should be called from the user's browser. It will redirect the User Agent to the Google IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /token endpoint.
client_id required | string <= 150 characters Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV |
redirect_uri required | string URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal Example: redirect_uri=https://www.example.com/login |
create_new_user | boolean Default: true Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application. |
resource | string Resource URI the login is attempting to access. |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. Example: require_mfa=true |
claims | string A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value. Example: claims={"id_token":{"roles":null}} |
state | string An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks |
nonce | string A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request |
Redirect with code
curl -i -X GET \
  'https://api.transmitsecurity.io/cis/v1/auth/google?client_id=string&redirect_uri=string&create_new_user=true&resource=string&require_mfa=false&claims=string&state=string&nonce=string'
{
  "message": "Invalid redirect_uri",
  "error_code": 400
}
Authenticate the user using LINE login. This endpoint should be called from the user's browser. It will redirect the User Agent to the LINE IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /token endpoint.
client_id required | string <= 150 characters Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV |
redirect_uri required | string URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal Example: redirect_uri=https://www.example.com/login |
create_new_user | boolean Default: true Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application. |
resource | string Resource URI the login is attempting to access. |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. Example: require_mfa=true |
claims | string A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value. Example: claims={"id_token":{"roles":null}} |
state | string An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks |
nonce | string A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request |
Redirect with code
curl -i -X GET \
  'https://api.transmitsecurity.io/cis/v1/auth/line?client_id=string&redirect_uri=string&create_new_user=true&resource=string&require_mfa=false&claims=string&state=string&nonce=string'
{
  "message": "Invalid redirect_uri",
  "error_code": 400
}
Send a magic link by email to a user
email required | string Email of the user |
redirect_uri required | string URI that will receive the authorization code. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal. |
create_new_user | boolean Default: false Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided email. If enabled, public signups must also be configured as allowed for the application. |
resource | string URI of the resource the request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application. |
object Texts, logo and color to render email template with | |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. |
claims | object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. |
object Login attributes |
{
  "email": "name@example.com",
  "create_new_user": false,
  "resource": "string",
  "email_content": {
    "subject": "string",
    "primaryColor": "#6981FF",
    "base64logo": "string",
    "headerText": "string",
    "bodyText": "string",
    "linkText": "string",
    "infoText": "string",
    "footerText": "If you didn't request this email, you can safely ignore it."
  },
  "require_mfa": true,
  "claims": {
    "id_token": {
      "roles": null
    }
  },
  "client_attributes": {
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
    "ip_address": "123.45.67.89"
  }
}
{
  "message": "Email sent successfully"
}
Send a one-time passcode (OTP) by email to the given email address.
email required | string Email of the user |
redirect_uri required | string URI that will receive the authorization code. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal. |
create_new_user | boolean Default: false Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided email. If enabled, public signups must also be configured as allowed for the application. |
resource | string URI of the resource the request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application. |
object Texts, logo and color to render email template with | |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. |
claims | object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. |
object Login attributes | |
approval_data | object Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication. |
User Not Found
{
  "email": "name@example.com",
  "create_new_user": false,
  "resource": "string",
  "email_content": {
    "subject": "string",
    "primaryColor": "#6981FF",
    "base64logo": "string",
    "headerText": "string",
    "bodyText": "string",
    "linkText": "string",
    "infoText": "string",
    "footerText": "If you didn't request this email, you can safely ignore it."
  },
  "require_mfa": true,
  "claims": {
    "id_token": {
      "roles": null
    }
  },
  "client_attributes": {
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
    "ip_address": "123.45.67.89"
  },
  "approval_data": {
    "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
    "sum": "200"
  }
}
{
  "message": "OTP email sent",
  "approval_data": {
    "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
    "sum": "200"
  }
}
Validate a one-time passcode sent by email to a user. The endpoint will return a URI which can be used to redirect the client in order to complete authentication.
{
  "email": "string",
  "passcode": "string",
  "response_type": "code",
  "nonce": "string"
}
{
  "result": "string"
}
Send a one-time passcode (OTP) by SMS to the given phone number
custom_message | string Message to send, must contain {otp} and {app} placeholders to be replaced with one time password and application name. Limited to 140 characters |
sender_id | string The sender name that appears as the message sender on recipients' devices. Limited to 11 characters. Support is limited; see https://docs.aws.amazon.com/sns/latest/dg/sns-supported-regions-countries.html |
phone_number required | string Phone number to send the OTP to |
create_new_user required | boolean Default: false Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided phone number. If enabled, public signups must also be configured as allowed for the application. |
redirect_uri required | string URI that will receive the authorization code once the SMS OTP is validated. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal |
require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. |
claims | object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. |
approval_data | object Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication. |
User Not Found
{
  "custom_message": "string",
  "sender_id": "string",
  "phone_number": "string",
  "create_new_user": false,
  "redirect_uri": "string",
  "require_mfa": true,
  "claims": {
    "id_token": {
      "roles": null
    }
  },
  "approval_data": {
    "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
    "sum": "200"
  }
}
{
  "message": "SMS sent",
  "approval_data": {
    "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
    "sum": "200"
  }
}
Validate a one-time passcode sent by SMS to a user. The endpoint will return a URI which can be used to redirect the client in order to complete authentication.
{
  "phone_number": "string",
  "passcode": "string",
  "response_type": "code",
  "nonce": "string"
}
{
  "result": "string"
}
Retrieve ID and access tokens. This API is used to retrieve ID and access tokens using the code that was returned in the redirect URI as a query parameter (for example, when the user clicks a magic link). It may also create a new user if create_new_user was set to true in the send request and no user exists for the email address or phone number (depending on the flow).
{
  "code": "GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH",
  "client_id": "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV",
  "client_secret": "FzxvdDMbvxnc45sdfb789XCVGEW6usazxcvbw3KPsb23"
}
{
  "id_token": "string",
  "access_token": "string",
  "refresh_token": "string",
  "is_user_created": true
}
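The state and nonce checks that the redirect-based endpoints above ask your server to perform, together with the request body for the token exchange, as an added example (not Transmit's own code). The session dictionary and the function names are assumptions, and the ID token claims are assumed to come from a token whose signature has already been verified.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Base path taken from the curl samples on this page.
AUTH_BASE = "https://api.transmitsecurity.io/cis/v1/auth"


def _same(expected, received):
    """Constant-time comparison that rejects missing or non-string values."""
    if not isinstance(expected, str) or not isinstance(received, str):
        return False
    return hmac.compare_digest(expected.encode(), received.encode())


def start_login(session, provider, client_id, redirect_uri):
    """Bind fresh state and nonce values to the session; return the URL for the browser."""
    session["auth_state"] = secrets.token_urlsafe(32)
    session["auth_nonce"] = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": session["auth_state"],
        "nonce": session["auth_nonce"],
    })
    return f"{AUTH_BASE}/{provider}?{query}"


def handle_callback(session, callback_url):
    """Check state on the redirect_uri request and return the one-time code."""
    params = parse_qs(urlsplit(callback_url).query)
    # pop() makes the stored state single-use, so a replayed callback fails.
    expected = session.pop("auth_state", None)
    states = params.get("state", [])
    if len(states) != 1 or not _same(expected, states[0]):
        raise ValueError("state mismatch: rejecting callback (possible CSRF)")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code parameter")
    return codes[0]


def token_request_body(code, client_id, client_secret):
    """Body for the token exchange, with the fields shown in the page's sample."""
    return {"code": code, "client_id": client_id, "client_secret": client_secret}


def check_nonce(session, id_token_claims):
    """Accept the ID token only if its nonce matches the one sent in the request.

    Assumption: id_token_claims was decoded from a token whose signature,
    issuer and expiry were already verified by a JWT library.
    """
    expected = session.pop("auth_nonce", None)
    if not _same(expected, id_token_claims.get("nonce")):
        raise ValueError("nonce mismatch: rejecting id_token (possible replay)")
    return True
```

Keep the client_secret on the server only; the browser should only ever see the URL returned by start_login and the redirect that carries the code.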
Log out the user from a specific session. The user and session are derived from the access token used to authorize the request (which was issued based on the authentication that created the session).
Sessions deleted Successfully
curl -i -X POST \
  https://api.transmitsecurity.io/cis/v1/auth/logout \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'
{
  "sessions_count": 0
}