Authentication
There are three authentication methods available to the IdentityX API:
AppUser authentication - Used by end-users of the IdentityX application to view and modify individual app user information.
OrgUser authentication - Used by administrative users to manage application users, comments, and application/organization settings.
OrgUser API Token authentication - Used with a permanent API token to perform tasks without user interaction.
Most use cases will use OrgUser
authentication.
AppUser
A customer authentication token can be retrieved by:
Executing the
sendAppUserLoginLink
mutation with a valid email address andx-app-id
header. This will send an email with a "magic link" (containing a temporary JWT in thetoken
parameter).Executing the
loginAppUser
mutation and supplying thetoken
from the email. This is then exchanged for a long-lived authentication token.
When sending a request to either mutation, the x-app-id
header must be sent, identifying the application the user belongs to.
When sending a request with AppUser authentication, send the token using Bearer authentication with the prefix AppUser
:
POST /graphql HTTP/1.1
Content-Type: application/json
X-App-Id: 5d1b36070ce467bff670a052
Authorization: Bearer AppUser <app-user-token>
Host: identity-x.parameter1.com
Content-Length: 198
{"query":"query { activeAppUser { id email }"}
OrgUser
An administrative authentication token can be retrieved by:
Executing the
sendUserLoginLink
mutation with a valid email address. This will send an email with a "magic link" (containing a temporary JWT in thetoken
parameter).
POST /graphql HTTP/1.1
Content-Type: application/json
Host: identity-x.parameter1.com
{"query":"mutation { sendUserLoginLink(input: { email: \"[email protected]\" })"}
Executing the
userLogin
mutation and supplying thetoken
from the email. This is then exchanged for a long-lived authentication token.
POST /graphql HTTP/1.1
Content-Type: application/json
Host: identity-x.parameter1.com
{"query":"mutation { userLogin (input: { token: \"<token-from-magic-link>\" }) { token { value } }"}
When sending a request with OrgUser
authentication, send the token using Bearer
authentication with the prefix OrgUser
:
POST /graphql HTTP/1.1
Content-Type: application/json
Authorization: Bearer OrgUser <org-user-token>
Host: identity-x.parameter1.com
{"query":"query { activeUser { id email }"}
OrgUserAPIToken
A permanent API token can be obtained for use within scripts or API integrations. To create a token, you must first authenticate with OrgUser credentials.
Once you have obtained your OrgUser
token, you can use the createActiveUserApiToken
to generate a permanent API credential:
POST /graphql HTTP/1.1
Content-Type: application/json
Host: identity-x.parameter1.com
Authorization: Bearer OrgUser <org-user-api-token>
{"query":"mutation { createActiveUserApiToken }"}
When sending a request with your permanent API token, send the token using Bearer
authentication with the prefix OrgUserApiToken
:
POST /graphql HTTP/1.1
Content-Type: application/json
Authorization: Bearer OrgUserApiToken <org-user-api-token>
Host: identity-x.parameter1.com
{"query":"query { activeUser { id email }"}
Last updated