Download OpenAPI specification:Download
Login users using passwords. This implements a frontend integration for password authentication, where passwords are handled only by the client. If the password credentials are valid, the client can obtain an authorization code that your app can exchange in the backend for user tokens.
Authenticate a user with a password
| username | string The user's username. Pass either |
string The user's primary email address. Pass either | |
| phone_number | string The user's primary phone number. Pass only one of |
| password required | string The user's password |
| client_id required | string Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal |
| redirect_uri required | string URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal. |
| resource | string Resource URI the login is attempting to access. |
| require_mfa | boolean Default: false Require multi-factor authentication for this authentication request. |
| claims | object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. |
| org_id | string Organization ID, used for member login in B2B scenarios |
When the username/email and password don't match or don't exist
When the user has to change the password
{- "username": "string",
- "email": "string",
- "phone_number": "string",
- "password": "string",
- "client_id": "c35ab2a.xVShlOVGsUMh3Cqk73K1O.transmit",
- "resource": "string",
- "require_mfa": true,
- "claims": {
- "id_token": {
- "roles": null
}
}, - "org_id": "string"
}{- "result": {
- "url": "string"
}
}Starts a password reset flow by sending an email magic link. Once clicked, the User Agent will be redirected to the URI specified in this request. This URI will include a code required to reset the password.
Required permissions: apps:execute, [appId]:execute, auth:execute.
When the email of the user is not verified
When there is no user with the requested email as a primary email in the tenant
{- "prev_reset_token": "string",
- "ignore_mfa": true,
- "email": "string",
- "username": "string",
- "email_content": {
- "subject": "string",
- "primaryColor": "#6981FF",
- "base64logo": "string",
- "headerText": "string",
- "bodyText": "string",
- "linkText": "string",
- "infoText": "string",
- "footerText": "If you didn't request this email, you can safely ignore it.",
- "senderName": "string"
}
}{- "message": "Reset password email sent"
}Starts a password reset flow by generating a magic link. Once clicked, the User Agent will be redirected to the URI specified in this request. This URI will include a code required to reset the password.
Required permissions: apps:execute, [appId]:execute, auth:execute.
When there is no user with the requested email as a primary email in the tenant
{- "prev_reset_token": "string",
- "ignore_mfa": true,
- "email": "string",
- "username": "string",
}{- "reset_link": "Reset password magic link"
}Starts a password reset flow by sending an Email OTP.
Required permissions: apps:execute, [appId]:execute, auth:execute.
When the email of the user is not verified, a forbidden error will be returned
When there is no user with the requested email address as primary email address in the tenant
{- "prev_reset_token": "string",
- "ignore_mfa": true,
- "email": "string",
- "email_content": {
- "subject": "string",
- "primaryColor": "#6981FF",
- "base64logo": "string",
- "headerText": "string",
- "bodyText": "string",
- "linkText": "string",
- "infoText": "string",
- "footerText": "If you didn't request this email, you can safely ignore it.",
- "senderName": "string"
}
}{- "message": "Email Sent"
}Validate a reset password OTP.
Required permissions: apps:execute, [appId]:execute, auth:execute.
When the provided OTP is expired or invalid
When the requested user does not exist
{- "email": "string",
- "passcode": "string"
}{- "result": "string"
}Starts a password reset flow by sending an SMS OTP.
Required permissions: apps:execute, [appId]:execute, auth:execute.
When the phone number of the user is not verified, a forbidden error will be returned
When there is no user with the requested phone number as primary phone number in the tenant
{- "prev_reset_token": "string",
- "ignore_mfa": true,
- "phone_number": "+16175551212"
}{- "message": "SMS Sent"
}Validate a reset password OTP.
Required permissions: apps:execute, [appId]:execute, auth:execute.
When the provided OTP is expired or invalid
When the requested user does not exist
{- "phone_number": "string",
- "passcode": "string"
}{- "result": "string"
}Validates the current password and returns a reset token, which enables changing the user`s password
When the provided username, password or client_id are incorrect
{- "prev_reset_token": "string",
- "username": "string",
- "email": "string",
- "phone_number": "string",
- "password": "string",
- "client_id": "string"
}{- "result": "string"
}Creates a new user with a username and temporary password, which the user needs to reset immediately following this request.
{- "username": "string",
- "password": "string"
}{- "message": "Password registered"
}Resets a user's password
When the new password doesn't meet the password complexity requirements
{- "reset_token": "string",
- "new_password": "string",
- "redirect_uri": "string",
- "resource": "string",
- "require_mfa": true
}{- "message": "Password changed successfully",
- "url": "string",
- "email": "string"
}Validates a new password according to the requesting application's password policy. The validation includes checking the password complexity (such as minimum length and character requirements) and password history (i.e., that the same password wasn't used too recently). This can be used before updating a user's password to first check that the password they chose is valid and if not, provide feedback to the user.
Required permissions: apps:execute, [appId]:execute, auth:execute.
When the application does not have password auth method configured
{- "email": "string",
- "phone_number": "string",
- "username": "string",
- "password": "string"
}{- "result": {
- "valid_password": true,
- "errors": [
- {
- "code": "string",
- "message": "string"
}
]
}
}Retrieve ID and access tokens. This API is used to retrieve ID and access tokens using the code that was returned in the redirect URI as a query parameter (for example, when the user clicks a magic link). It may also create a new user if create_new_user was set to true in the send request and no user exists for the email address or phone number (depending on the flow).
{- "code": "GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH",
- "client_id": "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV",
- "client_secret": "FzxvdDMbvxnc45sdfb789XCVGEW6usazxcvbw3KPsb23"
}{- "id_token": "string",
- "access_token": "string",
- "refresh_token": "string",
- "is_user_created": true
}Logout the user from a specific session. The user and session are derived from the access token used to authorize the request (which was issued based on the authentication that created the session)
Sessions deleted Successfully
{- "sessions_count": 0
}