Authenticate a user with a password
username | string | The user's username. Pass either
email | string | The user's primary email address. Pass either
phone_number | string | The user's primary phone number. Pass only one of
password (required) | string | The user's password
client_id (required) | string | Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal
redirect_uri (required) | string | URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal.
resource | string | Resource URI the login is attempting to access.
require_mfa | boolean | Default: false. Require multi-factor authentication for this authentication request.
claims | object | Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.
When the username/email and password don't match or don't exist
When the user has to change the password
{
  "username": "string",
  "email": "string",
  "phone_number": "string",
  "password": "string",
  "client_id": "c35ab2a.xVShlOVGsUMh3Cqk73K1O.transmit",
  "resource": "string",
  "require_mfa": true,
  "claims": {
    "id_token": {
      "roles": null
    }
  }
}

{
  "result": {
    "url": "string"
  }
}
Creates a new user with a username and temporary password, which the user needs to reset immediately following this request.
{
  "username": "string",
  "password": "string"
}

{
  "message": "Password registered"
}
Resets a user's password
When the new password doesn't meet the password complexity requirements
{
  "reset_token": "string",
  "new_password": "string",
  "redirect_uri": "string",
  "resource": "string",
  "require_mfa": true
}

{
  "message": "Password changed successfully",
  "url": "string"
}
Starts a password reset flow by sending an email magic link. Once clicked, the User Agent will be redirected to the URI specified in this request. This URI will include a passwordCode required to reset the password.
When the email of the user is not verified
When there is no user with the requested email as a primary email in the tenant
{
  "prev_reset_token": "string",
  "ignore_mfa": true,
  "email": "string",
  "username": "string",
  "email_content": {
    "subject": "string",
    "primaryColor": "#6981FF",
    "base64logo": "string",
    "headerText": "string",
    "bodyText": "string",
    "linkText": "string",
    "infoText": "string",
    "footerText": "If you didn't request this email, you can safely ignore it."
  }
}

{
  "message": "Reset password email sent"
}
Validates the current password and returns a reset token, which enables changing the user's password
When the provided username, password or client_id are incorrect
{
  "prev_reset_token": "string",
  "username": "string",
  "email": "string",
  "phone_number": "string",
  "password": "string",
  "client_id": "string"
}

{
  "result": "string"
}
Starts a password reset flow by sending an SMS OTP
When the phone number of the user is not verified, a forbidden error will be returned
When there is no user with the requested phone number as primary phone number in the tenant
{
  "prev_reset_token": "string",
  "ignore_mfa": true,
  "phone_number": "+16175551212"
}

{
  "message": "SMS Sent"
}
Validate a reset password OTP
When the provided OTP is expired or invalid
When the requested user does not exist
{
  "phone_number": "string",
  "passcode": "string"
}

{
  "result": {
    "valid_password": true,
    "errors": [
      {
        "code": "string",
        "message": "string"
      }
    ]
  }
}
Validates a new password according to the requesting application's password policy. The validation includes checking the password complexity (such as minimum length and character requirements) and password history (i.e., that the same password wasn't used too recently). This can be used before updating a user's password to first check that the password they chose is valid and if not, provide feedback to the user.
When the application does not have password auth method configured
{
  "email": "string",
  "phone_number": "string",
  "username": "string",
  "password": "string"
}

{
  "result": {
    "valid_password": true,
    "errors": [
      {
        "code": "string",
        "message": "string"
      }
    ]
  }
}
Retrieve ID and access tokens. This API is used to retrieve ID and access tokens using the code that was returned in the redirect URI as a query parameter (for example, when the user clicks a magic link). It may also create a new user if create_new_user was set to true in the send request and no user exists for the email address or phone number (depending on the flow).
{
  "code": "GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH",
  "client_id": "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV",
  "client_secret": "FzxvdDMbvxnc45sdfb789XCVGEW6usazxcvbw3KPsb23"
}

{
  "id_token": "string",
  "access_token": "string",
  "refresh_token": "string",
  "is_user_created": true
}
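
The redirect_uri handler and the code-for-token exchange described above, sketched as an added example that is not part of the original reference or Transmit's own code. The token endpoint path (a placeholder), the JSON content type, and the app.example.com callback are assumptions; the request is built but never sent, so the block runs offline.

```python
import json
import urllib.request
from urllib.parse import urlsplit, parse_qs

# Placeholder: the token endpoint path does not appear on this page.
TOKEN_ENDPOINT = "https://api.transmitsecurity.io/TOKEN_ENDPOINT_PATH_PLACEHOLDER"


def extract_code(callback_url: str, allowed_redirect_uri: str) -> str:
    """Return the single `code` query parameter from the redirect callback."""
    got, want = urlsplit(callback_url), urlsplit(allowed_redirect_uri)
    # Only accept callbacks that arrive on the redirect URI configured for the app.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the configured redirect URI")
    # parse_qs drops blank values, so "code=" yields no entry at all.
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one non-empty 'code' parameter")
    return codes[0]


def build_token_request(code: str, client_id: str, client_secret: str) -> urllib.request.Request:
    """Build (but do not send) the server-side exchange; the secret never reaches the browser."""
    body = json.dumps({"code": code, "client_id": client_id,
                       "client_secret": client_secret}).encode()
    # Content type is an assumption based on the JSON request sample.
    return urllib.request.Request(TOKEN_ENDPOINT, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})


def parse_token_response(raw: bytes) -> dict:
    """Require the ID and access tokens before treating the user as signed in."""
    tokens = json.loads(raw)
    missing = {"id_token", "access_token"} - set(tokens)
    if missing:
        raise ValueError(f"token response missing {sorted(missing)}")
    return tokens


if __name__ == "__main__":
    # Constructed callback URL carrying the sample code value from this page.
    cb = "https://app.example.com/complete?code=GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH"
    code = extract_code(cb, "https://app.example.com/complete")
    req = build_token_request(code, "CLIENT_ID", "CLIENT_SECRET")
    print(req.get_method(), req.full_url, json.loads(req.data)["code"])
```
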
Log out the user from a specific session. The user and session are derived from the access token used to authorize the request (which was issued based on the authentication that created the session).
Sessions deleted Successfully
curl -i -X POST \
  https://api.transmitsecurity.io/cis/v1/auth/logout \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

{
  "sessions_count": 0
}