Download OpenAPI specification:Download
Login users using one-time login methods like magic links or OTPs. This implements a frontend integration for authentication, where the client obtains an authorization code that your app can exchange in the backend for user tokens.
Send a magic link by email to a user
| email required | string Email of the user |
| redirect_uri required | string URI that will receive the authorization code. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal. |
| create_new_user | boolean Default: false Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided email. If enabled, public signups must also be configured as allowed for the application. |
| resource | string URI of the resource the request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application. |
object Texts, logo and color to render email template with | |
| require_mfa | boolean Default: false Require multi factor authentication for this authentication request. |
| claims | object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. |
object Login attributes | |
| org_id | string Organization ID, used for member login in B2B scenarios |
{- "email": "name@example.com",
- "create_new_user": false,
- "resource": "string",
- "email_content": {
- "subject": "string",
- "primaryColor": "#6981FF",
- "base64logo": "string",
- "headerText": "string",
- "bodyText": "string",
- "linkText": "string",
- "infoText": "string",
- "footerText": "If you didn't request this email, you can safely ignore it.",
- "senderName": "string"
}, - "require_mfa": true,
- "claims": {
- "id_token": {
- "roles": null
}
}, - "client_attributes": {
- "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
- "ip_address": "123.45.67.89"
}, - "org_id": "string"
}{- "message": "Email sent successfully"
}Send a one-time passcode (OTP) by email to the given email address.
| email required | string Email of the user |
| redirect_uri required | string URI that will receive the authorization code. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal. |
| create_new_user | boolean Default: false Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided email. If enabled, public signups must also be configured as allowed for the application. |
| resource | string URI of the resource the request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application. |
object Texts, logo and color to render email template with | |
| require_mfa | boolean Default: false Require multi factor authentication for this authentication request. |
| claims | object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. |
object Login attributes | |
| org_id | string Organization ID, used for member login in B2B scenarios |
| approval_data | object Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication. |
User Not Found
{- "email": "name@example.com",
- "create_new_user": false,
- "resource": "string",
- "email_content": {
- "subject": "string",
- "primaryColor": "#6981FF",
- "base64logo": "string",
- "headerText": "string",
- "bodyText": "string",
- "linkText": "string",
- "infoText": "string",
- "footerText": "If you didn't request this email, you can safely ignore it.",
- "senderName": "string"
}, - "require_mfa": true,
- "claims": {
- "id_token": {
- "roles": null
}
}, - "client_attributes": {
- "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
- "ip_address": "123.45.67.89"
}, - "org_id": "string",
- "approval_data": {
- "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
- "sum": "200"
}
}{- "message": "OTP email sent",
- "approval_data": {
- "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
- "sum": "200"
}
}Validate a one-time passcode sent by email to a user. The endpoint will return a URI which can be used to redirect the client in order to complete authentication.
{- "email": "string",
- "passcode": "string",
- "response_type": "code",
- "nonce": "string"
}{- "result": "string"
}Send a one-time passcode (OTP) by SMS to the given phone number
| custom_message | string Message to send, must contain {otp} and {app} placeholders to be replaced with one time password and application name. Limited to 140 characters |
| sender_id | string The sender name that appears as the message sender on recipients devices. Limited to 11 characters. Limited support see https://docs.aws.amazon.com/sns/latest/dg/sns-supported-regions-countries.html |
| phone_number required | string Phone number to send the OTP to |
| create_new_user required | boolean Default: false Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided phone number. If enabled, public signups must also be configured as allowed for the application. |
| redirect_uri required | string URI that will receive the authorization code once the SMS OTP is validated. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal |
| require_mfa | boolean Default: false Require multi factor authentication for this authentication request. |
| claims | object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. |
| approval_data | object Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication. |
| org_id | string Organization ID, used for member login in B2B scenarios |
User Not Found
{- "custom_message": "string",
- "sender_id": "string",
- "phone_number": "string",
- "create_new_user": false,
- "redirect_uri": "string",
- "require_mfa": true,
- "claims": {
- "id_token": {
- "roles": null
}
}, - "approval_data": {
- "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
- "sum": "200"
}, - "org_id": "string"
}{- "message": "SMS sent",
- "approval_data": {
- "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
- "sum": "200"
}
}Validate a one-time passcode sent by SMS to a user. The endpoint will return a URI which can be used to redirect the client in order to complete authentication.
{- "phone_number": "string",
- "passcode": "string",
- "response_type": "code",
- "nonce": "string"
}{- "result": "string"
}Retrieve ID and access tokens. This API is used to retrieve ID and access tokens using the code that was returned in the redirect URI as a query parameter (for example, when the user clicks a magic link). It may also create a new user if create_new_user was set to true in the send request and no user exists for the email address or phone number (depending on the flow).
{- "code": "GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH",
- "client_id": "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV",
- "client_secret": "FzxvdDMbvxnc45sdfb789XCVGEW6usazxcvbw3KPsb23"
}{- "id_token": "string",
- "access_token": "string",
- "refresh_token": "string",
- "is_user_created": true
}Logout the user from a specific session. The user and session are derived from the access token used to authorize the request (which was issued based on the authentication that created the session)
Sessions deleted Successfully
{- "sessions_count": 0
}