Password Authentication

Authenticates a user already registered at Verifiable using an email and password. The response contains an access token that can be used in subsequent API calls.

Note: The account may require a password change for successful authentication. If a password change is required and newPassword is not set, the server returns 409 Conflict. If newPassword is set but the current password is not correct, the server returns 403 Forbidden.

Note: If newPassword is set, it must be different from the current password. If the password is the same, the server returns 400 Bad Request.

Note: When newPassword is set and the request returns 200 OK, all the active access tokens will be invalidated.

Request
Request Body schema: application/json
email (required)
string non-empty

The email address of a previously registered user.

password (required)
object (SensitiveString)

If the includeSensitiveInfo query parameter is set to true, the value will be shown in the response; otherwise it will be masked with *.

newPassword
object (SensitiveString)

If the includeSensitiveInfo query parameter is set to true, the value will be shown in the response; otherwise it will be masked with *.

timeToLive
string <timespan>

If set, the created token will expire after the duration specified by this parameter. Note that the token will still expire after 4 weeks of no use, regardless of the time to live. Additionally, there might be a limit set for your organization. If the requested time-to-live exceeds this limit, the token will be capped to that limit.

Responses
200 Success

400 Bad Request

401 Unauthorized

403 Forbidden

409 Conflict

500 Server Error

POST /auth/token/password

Request samples
application/json
{
  "email": "john.doe@mail.com",
  "password": "secret",
  "newPassword": "even-more-secret",
  "timeToLive": "00:30:00"
}

Response samples
application/json
{
  "tokenId": "0847312d-19fe-49d2-9e21-5825735b511a",
  "token": "MtetyFcIW...xgXXX-Z4yy"
}
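
The status codes in the notes above determine what a client should do next, so the following added example (not Verifiable's own code) maps each documented outcome to an action and flags when a successful password change means cached tokens must be discarded. The `post` transport, the `AuthError` class and the helper names are assumptions made for illustration, and the body follows the request sample, with `password` sent as a plain string.

```python
# Added example, not Verifiable's code. `post` is a hypothetical transport:
# post(path, body) -> (status, json_dict); plug in your own HTTPS client.
from datetime import timedelta

class AuthError(Exception):
    def __init__(self, status, action):
        super().__init__(f"{status}: {action}")
        self.status, self.action = status, action

# Status meanings as stated in the notes on this page.
ACTIONS = {
    400: "bad request (newPassword must differ from the current password)",
    401: "unauthorized",
    403: "forbidden (with newPassword set: current password is not correct)",
    409: "password change required: retry with newPassword set",
    500: "server error",
}

def timespan(td):
    """Format a timedelta as hh:mm:ss, the shape of the sample 00:30:00."""
    total = int(td.total_seconds())
    if not 0 < total < 86400:
        raise ValueError("example only formats durations under 24 hours")
    return f"{total // 3600:02d}:{total % 3600 // 60:02d}:{total % 60:02d}"

def build_body(email, password, new_password=None, ttl=None):
    if not email:
        raise ValueError("email is required and must be non-empty")
    # Catch the documented 400 case locally instead of sending credentials.
    if new_password is not None and new_password == password:
        raise ValueError("newPassword must differ from the current password")
    body = {"email": email, "password": password}
    if new_password is not None:
        body["newPassword"] = new_password
    if ttl is not None:
        body["timeToLive"] = timespan(ttl)
    return body

def authenticate(post, email, password, new_password=None, ttl=None):
    body = build_body(email, password, new_password, ttl)
    status, data = post("/auth/token/password", body)
    if status != 200:
        raise AuthError(status, ACTIONS.get(status, "unexpected status"))
    # With newPassword set, a 200 invalidates all active access tokens,
    # so any token cached elsewhere must be replaced by this one.
    return {"tokenId": data["tokenId"], "token": data["token"],
            "replaces_cached_tokens": new_password is not None}
```

Keep the returned token out of logs and error messages; `AuthError` deliberately carries only the status code and the suggested action.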