Authentication
This request header carries the OTP that was received on the user's mobile device. The server authenticates the user from the email address and password and also verifies the OTP. Once everything is verified, the end user receives the access token details.
Since GDPR came into force, SigningHub requires end users to agree to the terms of service again every time the terms change. Calling the authentication API endpoint first checks that the user has supplied valid authentication information. Once the credentials are validated, it also checks whether the user has agreed to the latest terms of service. If the user has already agreed, everything works as before. If there are new terms of service the user has not yet agreed to, the API returns the following response header with the value false, along with the access token details.
| URL | https://api.signinghub.com/authenticate |
|---|---|
| HTTP Verb | POST |
| Content-Type | application/x-www-form-urlencoded |
| Accept | application/json |
| Request Body | grant_type=password&client_id=ACMEapp&client_secret=jr67gj0h76gr83nf8734nj59g4he895jh87nr&username=admin@ascertia.com&password=Password@12&scope=john@ascertia.com |

| Status Code | Message | Response Body |
|---|---|---|
| 200 | OK | { "access_token": "454-j34jr67gj0h76nj59g4he895jh87n", "token_type": "bearer", "expires_in": 86399 } |
| 401 | Unauthorized | { "error": "account_locked", "error_description": "Your account is temporarily locked for 30 minutes due to security reasons." } |
| 403 | Forbidden | { "error": "otp_required", "error_description": "An OTP authentication is also required." } |
| 403 | Forbidden | { "error": "terms_of_service_required", "error_description": "You must agree with the recent terms of service" } |
| 403 | Forbidden | { "error": "invalid_scope_user", "error_description": "You are not allowed to authenticate using scope user. You must have manage users permission in your role." } |
| 403 | Forbidden | { "error": "account_disabled", "error_description": "Account is disabled" } |
| 403 | Forbidden | { "error": "password_expired", "error_description": "You must reset your account password." } |
| 403 | Forbidden | { "error": "reset_password", "error_description": "You must reset your account password to access SigningHub. A reset password process initiated by the administrator." } |
| 403 | Forbidden | { "error": "inactive_account", "error_description": "You must activate your account to access SigningHub." } |
| 403 | Forbidden | { "error": "create_password", "error_description": "You need to set your account password to authenticate." } |
| 400 | Bad Request | { "error": "invalid_request" } |
| 400 | Bad Request | { "error": "invalid_client" } |
| 400 | Bad Request | { "error": "unsupported_grant_type" } |
| 400 | Bad Request | { "error": "invalid_grant", "error_description": "You have entered incorrect authentication credentials - try again" } |
| 400 | Bad Request | { "error": "unauthorized_user", "error_description": "Users role doesn’t allow managing users" } |
| 400 | Bad Request | { "error": "incorrect_credentials", "error_description": "The user email or password is incorrect" } |
| 400 | Bad Request | { "error": "inactive_account", "error_description": "Your account has not yet been activated - you must click on the account activation link sent by email immediately after registration - check your inbox then also check your junk or spam folders" } |
| 400 | Bad Request | { "error": "refresh_token_revoked", "error_description": "Refresh token is either invalid or expired" } |
| 500 | Internal Server Error | { "error": "internal_error", "error_description": "An internal server error occurred while processing the request" } |
Item Details

| Names | Description |
|---|---|
| Request Parameters | |
| grant_type | Defines the OAuth 2.0 grant type. It can be set to "password", "client_credentials", "refresh_token" or "active_directory". For most operations "password" is sufficient. "active_directory" is used when the user must authenticate with their AD credentials. "client_credentials" is reserved for internal use at this stage. |
| client_id | Application name that you configured in your Enterprise Account when setting up the integration options. |
| client_secret | API key that you generated in your Enterprise Account when setting up the integration options. |
| username | SigningHub email address identifying the target user account; this can be an Enterprise Admin or an Enterprise User account. Note that an enterprise user can use an API key created for the enterprise by an enterprise administrator. |
| password | Password for the account given in the 'username' parameter. |
| scope (optional) | Used when an Enterprise Admin is identified in 'username' and you wish to identify an Enterprise User as the target, i.e. set that enterprise user as the current user for subsequent operations (for example, to update the general profile settings of an enterprise user). If the business application directly identifies the Enterprise User and their password in the "username" and "password" parameters, the scope parameter is not required. Note that all operations except digital signature signing can be performed on behalf of an enterprise user or unregistered user via this "scope" parameter. |
| refresh_token (optional) | If the access_token has expired, the refresh token is sent with grant_type set to refresh_token. When a refresh token is provided, the username, password and scope parameters are optional. |
| Response Parameters | |
| error | Error key identifying the error programmatically; applications can branch on the different error keys. |
| error_description | Error message for the returned error key. Client applications can present this message as it is or substitute their own. |
| access_token | OAuth user authentication access token: the bearer token used to authorise subsequent API calls. |
| token_type | Type of the token returned by the authorization server. It is always set to "bearer". |
| expires_in | Number of seconds for which this access token is valid. Fixed value of 86,399 seconds (24 hours). |
| refresh_token | Refresh token returned by the system, used to regenerate the access token. |
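An added example (not SigningHub's own client code) that builds the form-encoded body shown above, branches on the documented error keys rather than on the free-text description, and retries once with the password grant when the refresh_token grant is rejected; the injected transport callable, the action names and the fallback policy are assumptions of this example.

```python
import json
from urllib.parse import urlencode

AUTH_URL = "https://api.signinghub.com/authenticate"
# Documented error keys grouped by the client-side action they call for (grouping assumed here).
ACTIONS = {
    "retry_later": {"account_locked", "internal_error"},
    "user_action": {"otp_required", "terms_of_service_required", "account_disabled",
                    "password_expired", "reset_password", "inactive_account", "create_password"},
    "fix_request": {"invalid_request", "invalid_client", "unsupported_grant_type",
                    "invalid_scope_user", "unauthorized_user"},
    "bad_credentials": {"invalid_grant", "incorrect_credentials", "refresh_token_revoked"},
}

def build_body(client_id, client_secret, username=None, password=None,
               scope=None, refresh_token=None):
    """Form-encode the request body; a refresh token selects the refresh_token grant."""
    if refresh_token:
        fields = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    elif username and password:
        fields = {"grant_type": "password", "username": username, "password": password}
        if scope:  # act as the enterprise user named in scope, on behalf of the admin
            fields["scope"] = scope
    else:
        raise ValueError("need username and password, or a refresh token")
    fields.update(client_id=client_id, client_secret=client_secret)
    return urlencode(fields)

def classify(status, body_text):
    """Map (status, JSON body) to ('ok', token_dict) or (action, error_key)."""
    body = json.loads(body_text)
    if status == 200 and "access_token" in body:
        return "ok", body
    key = body.get("error", "unknown")
    for action, keys in ACTIONS.items():
        if key in keys:
            return action, key
    return "unknown", key

def authenticate(transport, client_id, client_secret, **creds):
    """transport(url, body) -> (status, text) is injected so this runs offline.
    A revoked refresh token falls back once to the password grant, if one is held."""
    status, text = transport(AUTH_URL, build_body(client_id, client_secret, **creds))
    result = classify(status, text)
    if result == ("bad_credentials", "refresh_token_revoked") and creds.get("password"):
        creds = {k: v for k, v in creds.items() if k != "refresh_token"}
        status, text = transport(AUTH_URL, build_body(client_id, client_secret, **creds))
        result = classify(status, text)
    return result
```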