Authentication

There are three authentication methods available to the IdentityX API:

  1. AppUser authentication - Used by end-users of the IdentityX application to view and modify individual app user information.

  2. OrgUser authentication - Used by administrative users to manage application users, comments, and application/organization settings.

  3. OrgUser API Token authentication - Used with a permanent API token to perform tasks without user interaction.

Most use cases will use OrgUser authentication.

AppUser

A customer authentication token can be retrieved by:

  1. Executing the sendAppUserLoginLink mutation with a valid email address and x-app-id header. This will send an email with a "magic link" (containing a temporary JWT in the token parameter).

  2. Executing the loginAppUser mutation and supplying the token from the email. This is then exchanged for a long-lived authentication token.

When sending a request to either mutation, the x-app-id header must be sent, identifying the application the user belongs to.

When sending a request with AppUser authentication, send the token using Bearer authentication with the prefix AppUser:

POST /graphql HTTP/1.1
Content-Type: application/json
X-App-Id: 5d1b36070ce467bff670a052
Authorization: Bearer AppUser <app-user-token>
Host: identity-x.parameter1.com
Content-Length: 48

{"query":"query { activeAppUser { id email } }"}

OrgUser

An administrative authentication token can be retrieved by:

  1. Executing the sendUserLoginLink mutation with a valid email address. This will send an email with a "magic link" (containing a temporary JWT in the token parameter).

POST /graphql HTTP/1.1
Content-Type: application/json
Host: identity-x.parameter1.com

{"query":"mutation { sendUserLoginLink(input: { email: \"foo@bar.baz\" }) }"}

  2. Executing the userLogin mutation and supplying the token from the email. This is then exchanged for a long-lived authentication token.

POST /graphql HTTP/1.1
Content-Type: application/json
Host: identity-x.parameter1.com

{"query":"mutation { userLogin (input: { token: \"<token-from-magic-link>\" }) { token { value } } }"}

When sending a request with OrgUser authentication, send the token using Bearer authentication with the prefix OrgUser:

POST /graphql HTTP/1.1
Content-Type: application/json
Authorization: Bearer OrgUser <org-user-token>
Host: identity-x.parameter1.com

{"query":"query { activeUser { id email } }"}
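
The OrgUser exchange above as client-side helpers, added here as an illustration and not IdentityX's own code. The function names, the sample magic-link URL and the sample response are constructed; the response shape assumes the standard GraphQL "data" envelope around the { token { value } } selection shown above.

```python
import json
from urllib.parse import urlparse, parse_qs

PREFIXES = {"AppUser", "OrgUser", "OrgUserApiToken"}  # the three prefixes this page documents


def token_from_magic_link(link):
    """Return the single `token` query parameter of a magic link."""
    values = parse_qs(urlparse(link).query).get("token", [])
    if len(values) != 1 or not values[0]:
        raise ValueError("magic link must carry exactly one token parameter")
    return values[0]


def auth_header(kind, token):
    """Build 'Bearer <prefix> <token>', rejecting values that could split the header."""
    if kind not in PREFIXES:
        raise ValueError(f"unknown token kind: {kind}")
    if not token or not token.isascii() or not token.isprintable() or " " in token:
        raise ValueError("token contains whitespace or non-printable characters")
    return f"Bearer {kind} {token}"


def user_login_body(link_token):
    """JSON body for userLogin; json.dumps escapes the token as a quoted string literal."""
    query = "mutation { userLogin(input: { token: %s }) { token { value } } }" % json.dumps(link_token)
    return json.dumps({"query": query})


def org_user_token(response_text):
    """Pull data.userLogin.token.value out of a GraphQL response, failing on errors."""
    payload = json.loads(response_text)
    if payload.get("errors"):
        raise RuntimeError("userLogin failed")
    return payload["data"]["userLogin"]["token"]["value"]


if __name__ == "__main__":
    link = "https://app.example.test/authenticate?token=aaa.bbb.ccc"  # constructed sample link
    print(user_login_body(token_from_magic_link(link)))
    reply = '{"data":{"userLogin":{"token":{"value":"long-lived-sample"}}}}'  # constructed response
    print({"Authorization": auth_header("OrgUser", org_user_token(reply))})
```

The same auth_header helper covers the AppUser and OrgUserApiToken prefixes; only the prefix passed in changes.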

OrgUserAPIToken

A permanent API token can be obtained for use within scripts or API integrations. To create a token, you must first authenticate with OrgUser credentials.

Once you have obtained your OrgUser token, you can use the createActiveUserApiToken mutation to generate a permanent API credential:

POST /graphql HTTP/1.1
Content-Type: application/json
Host: identity-x.parameter1.com
Authorization: Bearer OrgUser <org-user-token>

{"query":"mutation { createActiveUserApiToken }"}

When sending a request with your permanent API token, send the token using Bearer authentication with the prefix OrgUserApiToken:

POST /graphql HTTP/1.1
Content-Type: application/json
Authorization: Bearer OrgUserApiToken <org-user-api-token>
Host: identity-x.parameter1.com

{"query":"query { activeUser { id email } }"}
