1. Introduction

This document contains the generated documentation for the AMPnet user service. The user service contains all endpoints needed to manage users for the AMPnet crowdfunding project. Source code is available on GitHub.

2. Registration API

2.1. Social method

2.1.1. Sign up with Facebook

Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 79
Host: localhost:8080

{
  "signup_method" : "FACEBOOK",
  "user_info" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 199

{
  "uuid" : "e61001b4-6244-4646-8a74-c4847e650189",
  "email" : "johnsmith@gmail.com",
  "first_name" : "First",
  "last_name" : "Last",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

2.1.2. Sign up with Google

Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 77
Host: localhost:8080

{
  "signup_method" : "GOOGLE",
  "user_info" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 199

{
  "uuid" : "e5ca8e49-1a9e-43a6-a25b-6466209c110f",
  "email" : "johnsmith@gmail.com",
  "first_name" : "First",
  "last_name" : "Last",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

2.2. Email method

2.2.1. Sign up

Successful
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 168
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "john@smith.com",
    "password" : "abcdefgh"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 195

{
  "uuid" : "b2410e23-42c6-48b1-bb3c-e330d6c91f83",
  "email" : "john@smith.com",
  "first_name" : "first",
  "last_name" : "last",
  "role" : "USER",
  "enabled" : false,
  "verified" : false
}
Invalid
Incomplete information
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 89
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "email" : "filipduj@gmail.com"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 173

{
  "description" : "Incomplete signup information",
  "err_code" : "0101",
  "message" : "Some fields missing or could not be parsed from JSON request.",
  "errors" : { }
}
Invalid email
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 172
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "invalid-mail.com",
    "password" : "passssword"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 186

{
  "description" : "Invalid controller request exception",
  "err_code" : "0807",
  "message" : "email Invalid email format. ",
  "errors" : {
    "email" : "Invalid email format"
  }
}
Short password
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 167
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "invalid@mail.com",
    "password" : "short"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 184

{
  "description" : "Invalid controller request exception",
  "err_code" : "0807",
  "message" : "password Invalid Password. ",
  "errors" : {
    "password" : "Invalid Password"
  }
}
User exists
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 168
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "john@smith.com",
    "password" : "abcdefgh"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 184

{
  "description" : "Signup failed because user exists",
  "err_code" : "0103",
  "message" : "Trying to create user with email that already exists: john@smith.com",
  "errors" : { }
}

2.2.2. Email confirmation

Successful Email confirmation
Request
GET /mail-confirmation?token=9ec837bc-006a-4468-b8a0-8efe36e637d9 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Resend Email confirmation
Request
GET /mail-confirmation?token=ce550c18-6cea-40d4-9154-2aa5f9933e7e HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Failed Email confirmation
Invalid token format
Request
GET /mail-confirmation?token=bezvezni-token-tak HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 181

{
  "description" : "Failed Email confirmation, invalid token format",
  "err_code" : "0104",
  "message" : "Token: bezvezni-token-tak is not in a valid format.",
  "errors" : { }
}
Non-existing token
Request
GET /mail-confirmation?token=5ab0fea1-2789-47d8-aa71-28226e48c2fd HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 404 Not Found
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Token expired
Request
GET /mail-confirmation?token=8c5237a4-0cb2-4486-bd99-445183ef67b2 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 210

{
  "description" : "Failed Email confirmation, token expired",
  "err_code" : "0105",
  "message" : "User is trying to confirm mail with expired token: 8c5237a4-0cb2-4486-bd99-445183ef67b2",
  "errors" : { }
}
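The three failure cases above are the ones a confirmation endpoint has to tell apart: a syntactically invalid token (400, err_code 0104), an unknown token (404) and an expired token (400, err_code 0105). The Python model below is written for this page and is not taken from the AMPnet source; it reproduces that contract over an in-memory store. The 24-hour lifetime and the single-use rule (a consumed token is treated like an unknown one) are assumptions of the example, not documented behaviour.

```python
import uuid
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

ERR_INVALID_FORMAT = "0104"    # err_code the page shows for a malformed token
ERR_TOKEN_EXPIRED = "0105"     # err_code the page shows for an expired token
TOKEN_TTL_SECONDS = 24 * 3600  # assumption of this example; the page gives no lifetime


@dataclass
class MailToken:
    user_uuid: str
    expires_at: int   # unix seconds
    used: bool = False


@dataclass
class MailConfirmationStore:
    """In-memory stand-in for the service's token table (constructed for this example)."""
    tokens: Dict[uuid.UUID, MailToken] = field(default_factory=dict)
    enabled_users: Set[str] = field(default_factory=set)

    def issue(self, user_uuid: str, now: int) -> str:
        """Create the token that would be mailed to the user after sign up."""
        # uuid4 draws 122 random bits from os.urandom, so the token cannot be
        # guessed or enumerated the way a sequential id could.
        token = uuid.uuid4()
        self.tokens[token] = MailToken(user_uuid, now + TOKEN_TTL_SECONDS)
        return str(token)

    def confirm(self, raw: str, now: int) -> Tuple[int, Optional[dict]]:
        """Mirror GET /mail-confirmation?token=<raw>: returns (HTTP status, JSON body or None)."""
        try:
            token = uuid.UUID(raw)   # rejects anything that does not parse as a UUID
        except ValueError:
            return 400, {
                "description": "Failed Email confirmation, invalid token format",
                "err_code": ERR_INVALID_FORMAT,
                "message": f"Token: {raw} is not in a valid format.",
                "errors": {},
            }
        entry = self.tokens.get(token)
        # Unknown token, or one already consumed (single use is this example's assumption).
        if entry is None or entry.used:
            return 404, None
        if now >= entry.expires_at:
            return 400, {
                "description": "Failed Email confirmation, token expired",
                "err_code": ERR_TOKEN_EXPIRED,
                "message": f"User is trying to confirm mail with expired token: {token}",
                "errors": {},
            }
        entry.used = True
        self.enabled_users.add(entry.user_uuid)   # this is what turns "enabled" to true
        return 200, None
```

The format check runs before the lookup so that a malformed value never reaches the store, and the expiry check runs before the token is consumed so that an expired token neither enables the account nor is destroyed, which lets the user request a fresh one.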

2.2.3. Check Email

Email used
Request
POST /mail-check HTTP/1.1
Content-Type: application/json
Content-Length: 32
Host: localhost:8080

{
  "email" : "john@smith.com"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 56

{
  "email" : "john@smith.com",
  "user_exists" : true
}
Email not used
Request
POST /mail-check HTTP/1.1
Content-Type: application/json
Content-Length: 35
Host: localhost:8080

{
  "email" : "missing@email.com"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 60

{
  "email" : "missing@email.com",
  "user_exists" : false
}

2.3. Identyum token

Request
GET /identyum/token HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: text/plain;charset=UTF-8
Content-Length: 2071
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

{
  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwSTczcVJlS3dCWG82VDRVSHg5M0s1VzJ5cXJNODRBemxKQnNxZEVlTXhRIn0.eyJleHAiOjE1ODc2NDgyNjksImlhdCI6MTU4NzY0NjQ2OSwianRpIjoiM2U3MGU1ZGEtNDY3ZC00ZTk4LWE3NGYtMzZjNjM4ZGQ2NDVhIiwiaXNzIjoiaHR0cDovL2tleWNsb2FrOjgwODAvYXV0aC9yZWFsbXMvY2xpZW50cyIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIyMDFkYzIzNy01OGNiLTRkZjUtYjUyYi04ZjJkMjc4OTFmZmQiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJpZGVudHl1bS1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiYjRiZDY0NjctY2I2ZS00YjNjLTkwYzctYzAzMWQyNzI5YTU0IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJsb2dpbl9zbXMiLCJjbGllbnQiXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJkZWJ1ZyI6InRydWUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6IkFNUG5ldCBJTyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFtcG5ldF9zdGFnZSIsImdpdmVuX25hbWUiOiJBTVBuZXQiLCJsb2NhbGUiOiJlbiIsImZhbWlseV9uYW1lIjoiSU8iLCJlbWFpbCI6Im1pc2xhdkBhbXBuZXQuaW8ifQ.C5eSkL59NhYGDicE3Yar_If72vx_Ii2sz7FpXK9SQmYLjNHLxIGc_F9C3VkCuZHM0-NmtGziK5f6NfBBknbE0fVV-KkjMp4QlqXUvk75QYLX_14hqowZPSE973MYd1rv3Vet0XiZ-mI8emKRESldUaxLfOLJbTWY-y3kcRRQrGySDxF4jnRiVoi8r4FMQmFNgZsytw3SXtz7inlo8G99rOgM8QSvxHU3A1RGnE3eztjl1koiG8P58jABABNQ-fv31A0W_zgwSLVnLEp5LHNX2Cx2v-ypjfQz58uFd4Fi5J9JlYBvjssMJD-n7GH87mqi1HhvTmJPBYuTLW4Wi7619w",
  "expires_in" : 1800,
  "refresh_expires_in" : 1800,
  "refresh_token" : "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzMmI0OWU2ZC0yNGZhLTRjYmQtOTc3OC00NmJmYzZiMWQxM2MifQ.eyJleHAiOjE1ODc2NDgyNjksImlhdCI6MTU4NzY0NjQ2OSwianRpIjoiZmI4ZDZkOTUtMWU0ZS00MGJkLThjODgtZTFjZGQ1MTQ3MmM2IiwiaXNzIjoiaHR0cDovL2tleWNsb2FrOjgwODAvYXV0aC9yZWFsbXMvY2xpZW50cyIsImF1ZCI6Imh0dHA6Ly9rZXljbG9hazo4MDgwL2F1dGgvcmVhbG1zL2NsaWVudHMiLCJzdWIiOiIyMDFkYzIzNy01OGNiLTRkZjUtYjUyYi04ZjJkMjc4OTFmZmQiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiaWRlbnR5dW0tY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImI0YmQ2NDY3LWNiNmUtNGIzYy05MGM3LWMwMzFkMjcyOWE1NCIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSJ9.mOFw52MrGgZChNQ160s2PZpJSbxu-oqEde9ZfqcroWA",
  "session_state" : "b4bd6467-cb6e-4b3c-90c7-c031d2729a54"
}

2.4. Create Test User

The test user is created with the account already enabled (enabled: true); a regular email sign up returns enabled: false until the email is confirmed (see 2.2.2).

Request
POST /test/signup HTTP/1.1
Content-Type: application/json
Content-Length: 57
Host: localhost:8080

{
  "email" : "my@email.com",
  "password" : "password"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 191

{
  "uuid" : "2d240a4f-70c8-4788-97ff-17f572653752",
  "email" : "my@email.com",
  "first_name" : "TEST",
  "last_name" : "TEST",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

3. Authentication API

3.1. Log in

3.1.1. Email

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 119
Host: localhost:8080

{
  "login_method" : "EMAIL",
  "credentials" : {
    "email" : "john@smith.com",
    "password" : "Password175!"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 1041

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCIyZDcxNGVjNi1iZTVkLTRlMjMtYTJmZC0xNjBmMWZiODk1MzJcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQUk9fT1JHX0lOVklURVwiLFwiUFdPX09SR19JTlZJVEVcIixcIlJPTEVfVVNFUlwiXSxcImVuYWJsZWRcIjp0cnVlLFwidmVyaWZpZWRcIjpmYWxzZSxcImNvb3BcIjpcImFtcG5ldFwifSIsImlhdCI6MTYwMDQyNTA4MiwiZXhwIjoxNjAwNTExNDgyfQ.Hz-MOobsCkKXuAqq7zFT7z5zxXgovf_xPZ6aw9QHfa1TUa5ACFQ64CUVSZmfUccHUc97IeQJqWaqw0DaL-r9-REhpMzhsflo_UC4DKRK_88Epb5HCB0zI_urcV7HNmLIcqBit_WggMNUPGlyHbUWbX-H_pgBgqq6d4BoK-x9UFo93ZtRtHo2GdWeQ_ylrqAuQuba7Oynm-h_D9saiERzhpQwVmDeFPZrmth7EZcl11B8H3-mfMNO_4EK467XgYUjLu0BGbseea51t79KKCQFjLOfA4wucI6T8dmG3duhBd1pPu1ZH950Kexx9ioUBfnK-9axp-WBmpRb-aABVPCiFQ",
  "expires_in" : 86400000,
  "refresh_token" : "jj5BdBU2gS7dQZQ6PVrKu7MKP3QZ9DwfbxCXFq5_sOpW0MuLNhdHa-Lr6lkcVd4Z49l4ALPRXS8Rtkf4p0RmFs7lRRpXKsUd5dmK4s4quyVGy5qIRGz8-c6nj65JBgsh",
  "refresh_token_expires_in" : 7776000000
}
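The access_token above is a compact JWS signed with RS256: its header is {"alg":"RS256"} and its payload carries sub, iat, exp and a user claim that is itself a JSON string holding uuid, email, name, authorities, enabled, verified and coop. The Python helper below is added here as an example and is not part of the AMPnet code base. It parses a token of that shape, pins the algorithm to RS256, unpacks the nested user claim, checks expiry and builds the Authorization header the User and Admin APIs require; the same parser can be pointed at the Keycloak-issued access_token returned by /identyum/token in 2.3. Signature verification is deliberately not attempted: it needs the issuer's RSA public key, which this page does not publish, so parse_jwt_unverified is for inspection only and must never be the basis of an authorisation decision. One thing the token makes visible: exp - iat is 86400 seconds, while expires_in in the response is 86400000, i.e. milliseconds.

```python
import base64
import json
import time
from typing import Optional, Tuple


def _b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment, restoring the '=' padding JWTs omit."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jwt_unverified(token: str) -> Tuple[dict, dict]:
    """Split a compact JWS into (header, claims) WITHOUT checking the signature.

    For inspection only: verifying the RS256 signature needs the issuer's RSA
    public key and a JWT library, neither of which this example has.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWS segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return header, claims


def inspect_ampnet_token(token: str, now: Optional[int] = None) -> dict:
    """Unpack an AMPnet access token and apply the checks a client can do locally."""
    header, claims = parse_jwt_unverified(token)
    # Pin the algorithm: a token announcing "none" or an HMAC alg must not be
    # treated as an RS256 token, however plausible the rest of it looks.
    if header.get("alg") != "RS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}, expected RS256")
    # The service stores the user as a JSON *string* inside the "user" claim,
    # so it has to be decoded a second time.
    user = json.loads(claims["user"])
    now = int(time.time()) if now is None else now
    return {
        "subject": claims["sub"],
        "uuid": user["uuid"],
        "authorities": user["authorities"],
        "enabled": user["enabled"],
        "verified": user["verified"],
        "coop": user["coop"],
        "lifetime_seconds": claims["exp"] - claims["iat"],   # 86400 for the page's tokens
        "expired": now >= claims["exp"],
    }


def bearer_header(access_token: str) -> dict:
    """The header every User API and Admin API request must carry."""
    return {"Authorization": f"Bearer {access_token}"}


# Access token copied from the email login response above (section 3.1.1).
LOGIN_ACCESS_TOKEN = (
    "eyJhbGciOiJSUzI1NiJ9."
    "eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCIyZDcxNGVjNi1iZTVkLTRlMjMtYTJmZC0xNjBmMWZiODk1MzJcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQUk9fT1JHX0lOVklURVwiLFwiUFdPX09SR19JTlZJVEVcIixcIlJPTEVfVVNFUlwiXSxcImVuYWJsZWRcIjp0cnVlLFwidmVyaWZpZWRcIjpmYWxzZSxcImNvb3BcIjpcImFtcG5ldFwifSIsImlhdCI6MTYwMDQyNTA4MiwiZXhwIjoxNjAwNTExNDgyfQ."
    "Hz-MOobsCkKXuAqq7zFT7z5zxXgovf_xPZ6aw9QHfa1TUa5ACFQ64CUVSZmfUccHUc97IeQJqWaqw0DaL-r9-REhpMzhsflo_UC4DKRK_88Epb5HCB0zI_urcV7HNmLIcqBit_WggMNUPGlyHbUWbX-H_pgBgqq6d4BoK-x9UFo93ZtRtHo2GdWeQ_ylrqAuQuba7Oynm-h_D9saiERzhpQwVmDeFPZrmth7EZcl11B8H3-mfMNO_4EK467XgYUjLu0BGbseea51t79KKCQFjLOfA4wucI6T8dmG3duhBd1pPu1ZH950Kexx9ioUBfnK-9axp-WBmpRb-aABVPCiFQ"
)

if __name__ == "__main__":
    print(json.dumps(inspect_ampnet_token(LOGIN_ACCESS_TOKEN, now=1600425082), indent=2))
    print(bearer_header(LOGIN_ACCESS_TOKEN)["Authorization"][:40] + "...")
```

Because the claims are readable by anyone holding the token, treat the access_token as a bearer credential: send it only over TLS, keep it out of URLs and logs, and rely on the short lifetime plus the refresh_token from 3.2 rather than on storing it long term.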

3.1.2. Google

In this case the token is obtained from Google on the frontend and then passed in the request body as credentials.token.

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 78
Host: localhost:8080

{
  "login_method" : "GOOGLE",
  "credentials" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 1041

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCI4MWQzNTE2MC00Nzg2LTQ3NGEtYWUxMi03OWRkMjZlZTFhMmJcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQUk9fT1JHX0lOVklURVwiLFwiUFdPX09SR19JTlZJVEVcIixcIlJPTEVfVVNFUlwiXSxcImVuYWJsZWRcIjp0cnVlLFwidmVyaWZpZWRcIjpmYWxzZSxcImNvb3BcIjpcImFtcG5ldFwifSIsImlhdCI6MTYwMDQyNTA4NCwiZXhwIjoxNjAwNTExNDg0fQ.hJI54VHTefqn7FbHTW8Ng3pHCQd43jwhgpuHcQM0eMPB8VfenIgqMd-Gu1jFvRhJuYaNaB6bGdApsQJwGnY6FCY1GxiUWaz9q0E5OEpgLeE0d8_UCRdTioVnw8dj__10tacAOLv-8BkWdTdXgZBUS9tpeeHrBx-rF5K78phOfao-F7CJE6hXEZce5ZC8tgR77L7c1IFj7In4FvZCdCRYc7DA_EnFeQnM6RRZkdyTjOrnVtN50_JaY3sFQ13VBL5R-XKMdIHub9rQB3iz348zVVE1x8IjoHYxhuL3WkrVlLdntozvDYOS_us3OV3f11ZV5gQNPeMUzmjtuuEmk48A0A",
  "expires_in" : 86400000,
  "refresh_token" : "0Q2iKYruuOyjk-NzF5FHUZaUJKy1bpp8o_3YFBMem3LL54z_zxK1IMMZil8XUr_tBdbh4nTgrOFvKi4OQYTuECmq5jEMQ2a_sulvqss8+32h5KZ3Qabe6gvn6ZlQcWD9",
  "refresh_token_expires_in" : 7776000000
}

3.1.3. Facebook

In this case the token is obtained from Facebook on the frontend and then passed in the request body as credentials.token.

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 80
Host: localhost:8080

{
  "login_method" : "FACEBOOK",
  "credentials" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 1041

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCI1OGNhNDY4MC02MmUxLTRmZGItYWVhNi01YmRhY2FkOTc1MGNcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQUk9fT1JHX0lOVklURVwiLFwiUFdPX09SR19JTlZJVEVcIixcIlJPTEVfVVNFUlwiXSxcImVuYWJsZWRcIjp0cnVlLFwidmVyaWZpZWRcIjpmYWxzZSxcImNvb3BcIjpcImFtcG5ldFwifSIsImlhdCI6MTYwMDQyNTA4MywiZXhwIjoxNjAwNTExNDgzfQ.Fep7CwJR4HCIPckpgULU6oG6hqiqUAO83q_Hom3IqB2d-0L0aGlcpJQe41gl-wN1MPyclrQEQzRldvSG2OY73KnAGJ6zQFj2wUi6Y36YdzskQbhuDQnkoHkTReo_SzRSaxZnnO3uLLJdExk3KBt36Pxn2ZohWEbwBan3jCiNmwwjNBESFNF6EdYuMtw5GC-0C9wuBm7GJG1PbmE4V7p3FeCmW0NadPyvrepqs7g-otIhd8oiADudnD4qvPMa7f6Y9iAM6s3hqQHxb6IzqfNEjG2V5_Po7Lzsmz5-DkRJcyy6uvOE1hrKmeyPCKZXsU-3wJbofpbVUad3wxZuaPE2Fw",
  "expires_in" : 86400000,
  "refresh_token" : "3IOsQD6flahkG0GVyxmxU8iPwZcX+NFyuY0tTo51E7dTI7Jh2qF3ZWhyJDLAnkcdLgCKl2POk71Xp4XVsHxAgpNz3syOlMwBPzh5YuZu+8zh4g1qKB_WbEv8ywg0+a5r",
  "refresh_token_expires_in" : 7776000000
}

3.1.4. Invalid login

The three failure cases below are distinguishable by their responses: a wrong password returns 401 with no body, an email that is not registered returns 400 with err_code 0301, and a wrong login method returns 400 with err_code 0201. Together with /mail-check (2.2.3) this means the API tells a caller whether an email address is registered; clients and operators should not assume the login endpoint hides that.

Invalid credentials
Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 121
Host: localhost:8080

{
  "login_method" : "EMAIL",
  "credentials" : {
    "email" : "john@smith.com",
    "password" : "wrong-password"
  }
}
Response
HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Invalid login method

For example, the user registered with the email method (filling out email, password, ...) but is trying to log in using Google OAuth.

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 78
Host: localhost:8080

{
  "login_method" : "GOOGLE",
  "credentials" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 164

{
  "description" : "Invalid login method",
  "err_code" : "0201",
  "message" : "User registered using: EMAIL but trying to login with: GOOGLE",
  "errors" : { }
}
Non-existing user login
Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 119
Host: localhost:8080

{
  "login_method" : "EMAIL",
  "credentials" : {
    "email" : "john@smith.com",
    "password" : "Password175!"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 147

{
  "description" : "Non existing user",
  "err_code" : "0301",
  "message" : "User with email: john@smith.com does not exists",
  "errors" : { }
}

3.2. Refresh token

Request
POST /token/refresh HTTP/1.1
Content-Type: application/json
Content-Length: 59
Host: localhost:8080

{
  "refresh_token" : "9asdf90asf90asf9asfis90fkas90fkas"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 943

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCIxZmEyZjg2ZS01ZDI2LTRkYzEtYmVlZC01YzZkMGJiMTgyZDNcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQUk9fT1JHX0lOVklURVwiLFwiUFdPX09SR19JTlZJVEVcIixcIlJPTEVfVVNFUlwiXSxcImVuYWJsZWRcIjp0cnVlLFwidmVyaWZpZWRcIjpmYWxzZSxcImNvb3BcIjpcImFtcG5ldFwifSIsImlhdCI6MTYwMDQyNTA4MywiZXhwIjoxNjAwNTExNDgzfQ.cJdQ4RB3l9U-5VkBWKoNru4NjaRVpkfT8Wio3T1oIEfJ5uAFAwHOVBi3ZcDvUfui-CrT_7clXeHi1RGL_C8HGNAF_67J67Aq7fiEuzJelCcEO9F7KxPgNQwcKrQGWFqOQVovk6lkA8gwsbSh-GCEc_f9g_vcqZephU-MZIkUUfERbBZH41z4VN1WAvQgEETlUyGkBBwdrM8ZdsYGCGt11NjLSr6Qn3pP_l0Yy1GR72xnHvYmRHBHCwQtZSM77ddCzB3RMfNWQTGengy8GOA-0tEk4QaOQRIMZaALfLk7SkUw_hO7B1pa9wXo8wgvBOw7M_xyuREu-wO63UNUzj8SWQ",
  "expires_in" : 86400000,
  "refresh_token" : "9asdf90asf90asf9asfis90fkas90fkas",
  "refresh_token_expires_in" : 7772400
}

3.3. Forgot password

3.3.1. Generate token - send mail

Request
POST /forgot-password/token HTTP/1.1
Content-Type: application/json
Content-Length: 32
Host: localhost:8080

{
  "email" : "john@smith.com"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

3.3.2. Change password using token

Request
POST /forgot-password HTTP/1.1
Content-Type: application/json
Content-Length: 89
Host: localhost:8080

{
  "new_password" : "new-password",
  "token" : "e0788f46-82da-4805-9d18-4cde99acf4de"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 202

{
  "uuid" : "4bf3fc4e-7f6d-4366-8a17-3ae1e54f9ee2",
  "email" : "john@smith.com",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

3.4. Logout

Request
POST /logout HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

4. User API

All requests need the header Authorization: Bearer <JWT>, where JWT is the access_token obtained from the Authentication API (3.1 or 3.2).

4.1. Get own profile

Request
GET /me HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 201

{
  "uuid" : "b2d05e1c-9348-40cc-a41e-4f6c06a80035",
  "email" : "test@test.com",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

4.2. Verify account

To verify the account, the user must complete Identyum registration and send the session_state from the Identyum auth token data (see 2.3). The session_state UUID is equal to the clientSessionUuid in the data received from Identyum. Verification overrides the user's first and last name given at registration with the verified Identyum data.

Request
POST /me/verify HTTP/1.1
Content-Type: application/json
Content-Length: 62
Host: localhost:8080

{
  "session_state" : "3d3cf681-cab3-4261-808a-24fd912fa953"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 201

{
  "uuid" : "8a733721-9bb3-48b1-90b9-6463ac1493eb",
  "email" : "user@email.com",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : true
}

4.3. Change password

Request
POST /me/password HTTP/1.1
Content-Type: application/json
Content-Length: 70
Host: localhost:8080

{
  "old_password" : "oldPassword",
  "new_password" : "newPassword"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 202

{
  "uuid" : "8a733721-9bb3-48b1-90b9-6463ac1493eb",
  "email" : "user@email.com",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

4.4. Bank account

Collection of endpoints for the user's bank accounts.

4.4.1. Get accounts

Request
GET /bank-account HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 348

{
  "bank_accounts" : [ {
    "id" : 3,
    "iban" : "HR1723600001101234565",
    "bank_code" : "DABAIE2D",
    "created_at" : "2020-09-18T10:31:21.545Z",
    "alias" : "alias"
  }, {
    "id" : 4,
    "iban" : "AZ96AZEJ00000000001234567890",
    "bank_code" : "NTSBDEB1",
    "created_at" : "2020-09-18T10:31:21.55Z",
    "alias" : "alias"
  } ]
}

4.4.2. Create account

Tip
The alias field is optional.
Request
POST /bank-account HTTP/1.1
Content-Type: application/json
Content-Length: 87
Host: localhost:8080

{
  "iban" : "HR1723600001101234565",
  "bank_code" : "DABAIE2D",
  "alias" : "alias"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 144

{
  "id" : 2,
  "iban" : "HR1723600001101234565",
  "bank_code" : "DABAIE2D",
  "created_at" : "2020-09-18T10:31:21.287Z",
  "alias" : "alias"
}
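This page documents no server-side validation of iban or bank_code, so a client should at least check both before sending them. The Python helper below is an added example and not AMPnet code: it normalises the IBAN, applies the ISO 7064 mod-97 check-digit test, validates bank_code as an 8- or 11-character BIC and builds the request body, leaving alias out when none is given. The per-country length table covers only the two countries that appear in the examples above (HR and AZ) and is an assumption of the example.

```python
import re
from typing import Optional

# Structure: 2-letter country, 2 check digits, 11-30 alphanumeric BBAN characters.
_IBAN_RE = re.compile(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}")
# BIC/SWIFT code: 4 bank, 2 country, 2 location, optional 3 branch characters.
_BIC_RE = re.compile(r"[A-Z]{6}[A-Z0-9]{2}(?:[A-Z0-9]{3})?")
# Per-country IBAN lengths; only the two countries from this page's examples
# are listed (assumption of the example; extend the table for production use).
_IBAN_LENGTHS = {"HR": 21, "AZ": 28}


def normalise_iban(iban: str) -> str:
    """Drop the spaces used in printed IBANs and upper-case the rest."""
    return re.sub(r"\s+", "", iban).upper()


def iban_is_valid(iban: str) -> bool:
    """Structural check, country length (where known) and ISO 7064 mod-97 check digits."""
    iban = normalise_iban(iban)
    if not _IBAN_RE.fullmatch(iban):
        return False
    expected = _IBAN_LENGTHS.get(iban[:2])
    if expected is not None and len(iban) != expected:
        return False
    # Move the country code and check digits to the end, map letters to
    # two-digit values (A=10 ... Z=35); the resulting integer mod 97 must be 1.
    rearranged = iban[4:] + iban[:4]
    as_digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(as_digits) % 97 == 1


def bic_is_valid(bic: str) -> bool:
    """8- or 11-character BIC such as DABAIE2D or NTSBDEB1 from the examples above."""
    return _BIC_RE.fullmatch(bic.strip().upper()) is not None


def build_bank_account_request(iban: str, bank_code: str, alias: Optional[str] = None) -> dict:
    """Body for POST /bank-account; fails before anything is sent if the data is malformed."""
    iban = normalise_iban(iban)
    if not iban_is_valid(iban):
        raise ValueError("IBAN failed the structural or mod-97 check")
    if not bic_is_valid(bank_code):
        raise ValueError("bank_code is not a valid 8- or 11-character BIC")
    body = {"iban": iban, "bank_code": bank_code.strip().upper()}
    if alias is not None:   # alias is optional according to the documentation
        body["alias"] = alias
    return body
```

The mod-97 check catches transcription errors (a single wrong digit always changes the remainder) but says nothing about whether the account exists or belongs to the user; that is a question for the bank, not for input validation.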

4.4.3. Delete account

Request
DELETE /bank-account/1 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

5. Admin API

All requests need the header Authorization: Bearer <JWT>, where JWT is the access_token obtained from the Authentication API (3.1 or 3.2) for a user with the Admin role.

5.1. Get users

Requires the Admin role with privilege PrivilegeType.PRA_PROFILE. The list of users is pageable: set the page size with the size parameter and the page number with the page parameter. The list can be sorted with the sort parameter (e.g. sort=email,asc).

5.1.1. All users

Successfully get a list of all users
Request
GET /admin/user HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 273

{
  "users" : [ {
    "uuid" : "fd6a1733-527d-4535-ab7e-aaa3160a9072",
    "email" : "test@email.com",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false
  } ],
  "page" : 0,
  "total_pages" : 1
}
Successfully get a paged list of users
Request
GET /admin/user?size=3&page=1&sort=email%2Casc HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 494

{
  "users" : [ {
    "uuid" : "68ecca53-ed0c-4e9f-9808-4f92a369ffe9",
    "email" : "test2@email.com",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false
  }, {
    "uuid" : "47bd4025-04c4-4814-9217-4dfc79886114",
    "email" : "test@email.com",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false
  } ],
  "page" : 1,
  "total_pages" : 2
}
Failed to get a list of users

Missing privilege: PRA_PROFILE.

Request
GET /admin/user HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 403 Forbidden
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

5.1.2. Admin users

Request
GET /admin/user/admin?size=10&page=0 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 273

{
  "users" : [ {
    "uuid" : "586b3c3b-6e42-46bb-9238-2bff886f3bae",
    "email" : "admin@role.com",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "ADMIN",
    "enabled" : true,
    "verified" : true
  } ],
  "page" : 0,
  "total_pages" : 1
}

5.2. Find user

5.2.1. By UUID

Request
GET /admin/user/7c7512d9-5eab-42c3-9ac3-2e70d4796942 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 202

{
  "uuid" : "7c7512d9-5eab-42c3-9ac3-2e70d4796942",
  "email" : "john@smith.com",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

5.2.2. By Email

Request
GET /admin/user/find?email=john&size=20&page=0 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 498

{
  "users" : [ {
    "uuid" : "f943ea16-bc67-4e7c-aba4-0d97570ec1d1",
    "email" : "john@smith.com",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false
  }, {
    "uuid" : "3b2e2b8f-6274-483b-b744-4747ca10b9be",
    "email" : "john.wayne@mail.com",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false
  } ],
  "page" : 0,
  "total_pages" : 1
}

5.3. Change user role

Requires the Admin role with privilege PrivilegeType.PWA_PROFILE.

5.3.1. Successfully change

Request
POST /admin/user/f1308204-1684-4d39-8529-af1f46e0d9ed/role HTTP/1.1
Content-Type: application/json
Content-Length: 21
Host: localhost:8080

{
  "role" : "USER"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 202

{
  "uuid" : "f1308204-1684-4d39-8529-af1f46e0d9ed",
  "email" : "admin@role.com",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false
}

5.3.2. Missing privilege to change role

Missing privilege: PWA_PROFILE

Request
POST /admin/user/eed86c1a-ce4c-48f9-ba51-9343b66bd5d4/role HTTP/1.1
Content-Type: application/json
Content-Length: 22
Host: localhost:8080

{
  "role" : "ADMIN"
}
Response
HTTP/1.1 403 Forbidden
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

5.4. Create user

Requires the Admin role with privilege PrivilegeType.PWA_PROFILE. The created user is returned with enabled and verified already set to true, so no email confirmation or Identyum verification step applies.

Request
POST /admin/user HTTP/1.1
Content-Type: application/json
Content-Length: 129
Host: localhost:8080

{
  "email" : "john@smith.com",
  "first_name" : "first",
  "last_name" : "last",
  "password" : "password",
  "role" : "ADMIN"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 194

{
  "uuid" : "bbcaf10b-ad08-4f4d-8338-61616b68a07b",
  "email" : "john@smith.com",
  "first_name" : "first",
  "last_name" : "last",
  "role" : "ADMIN",
  "enabled" : true,
  "verified" : true
}

5.5. Count users

  • registered: all registered users on the platform

  • activated: users who completed KYC and registered on the platform

  • deleted: users who have deactivated their account on the platform

Request
GET /admin/user/count HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 58

{
  "registered" : 4,
  "activated" : 2,
  "deleted" : 1
}

6. Public API

6.1. Count users

Number of all registered users on the platform. This endpoint needs no Authorization header.

Request
GET /public/user/count HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 22

{
  "registered" : 2
}