Login

Use the login endpoint to authenticate your user and allow them to access secure endpoints.

caution

If your application is available on Safari please use the noATCookie parameter to get the access token in the response headers. Safari by default blocks 3rd party cookies, so you won't be able to use authentication.

Request data#

HTTP method: POST

URL format: https://baseUrl/versionNumber/customEndpointRoute/userEndpoint?key=apiKey&login=true[&dataOnly=true][&noATCookie=true]

Example:

https://app.yawe.dev/api/1/ce/examples/auth?key=d59eb2859c284168ac48aef65046d5dd&login=true[&dataOnly=true][&noATCookie=true]

Request Headers#

HeaderRequiredDescription
Content-TypeYesSpecifies the MIME type of the body of the Request.

It must be application/json.

Request Parameters#

The following table describes the Request parameters.

ParameterDescriptionRequired
baseUrlBase url for calling the API.

Value: app.yawe.dev/api

Yes
versionNumberService version.

Value: The current value is 1.

Yes
customEndpointRouteThe route which identifies custom endpoints.

Default value: ce

Yes
userEndpointThe endpoint name generated by the user.

Value: the name created at https://app.yawe.dev

Yes
keyThe API Key of the project.Yes
loginRequired to perform a login.

Value: true

Yes
dataOnlyIf used, the endpoint response will be the POST body, without additional information such as ‘uniqueId’.

Value: true

No
noATCookie

If used, the access token will be returned in the Authorization header instead of the httpOnly cookie. Use this if your application will be available on Safari, since 3rd party cookies are blocked by default.

You should also use this if you plan to use authentication on non browser environments.

Value: true

No

POST body#

The login endpoint expects a JSON with user credentials.

See the table below for more details:

ParameterDescriptionRequired
usernameType: StringYes - if email is not used
emailType: StringYes - if username is not used
password

The user password.

Type: String

Yes

Note: Your users can log in with username or email, not both.

Response data#

Error codes#

Error codeDescription
400Possible reasons:
  • Endpoint or API Key not valid.
  • Wrong Content-Type, it only accepts "application/json".
  • Empty Request body.
  • If username/email or password are not present in the request body.
401Invalid credentials.
403Missing API Key, not allowed origin or disallowed request without orign.

Successful response#

{
uniqueId: "3f38bf9e1bb54d2396d1f1b8fbba1630",
data: { username: "usernameeee" },
createdAt: "2020-12-27T10:58:45.000Z",
updatedAt: "2020-12-27T10:58:45.000Z"
}

Response Cookies#

CookieDescription
__Secure-yawe-access-tokenIf the credentials are valid, the access token is sent in a httpOnly cookie as part of the response. httpOnly cookies are not accessible via JS.

This token/cookie is valid for 30 days.

To generate a new one a new login is required.

This cookie is deleted when logout is performed.

Note: The cookie is only returned if the noATCookie parameter is not used.

Response Headers#

HeaderDescription
Authorization

If the credentials are valid and the noATCookie parameter is used, the access token will be returned in the Authorization header following the Bearer schema.

The access token should be stored on the client side and sent in the Authorization header of the request for secure endpoints.