POST /token/session
When an application that implements UNLOQ (that has remote logout enabled), is unable to send the session id and its duration via the first
/token call, it may use this endpoint as a backup. Either token or approval_id must be specified.
POST https://api-authenticator.iwelcome.com/v1/token/session
Headers:
Authorization: Bearer {your application API Key}
Content-Type: application/json
Body Parameters
token(string) - previously user-generated authentication tokenapproval_id(string) - Or previously user-generated authentication approval id-
sid(string, required) - The session ID, generated by your application for the authenticated user. -
duration(integer) - The number of seconds the session is considered active, before UNLOQ will consider it terminated.
Result format (200 OK)
{
"type": "api.application.approval.session",
"result": {}
}
Notes
Your application has at most 1 minute to send the session id, after which it will not be able to do that anymore. Once a session id was attached to the token, no other session id can be re-attached to it.
Example flow 1
- Request user information attached to the access token (call
POST /token) - Verify user credentials, create/update account locally
- Generate session id and send it, by calling
POST /token/sessionwithsidandtoken
Example flow 2
- Perform a POST to /authenticate with
generate_token=false - Verify user credentials, create/update account locally
- Generate session id and send it, by calling
POST /token/sessionwithsidandapproval_id
Have a question? You can always send us an email at support@unloq.io, or contact us on chat.
For security related concerns, please visit our Security page.