/users
endpoint and receives a User object with an embedded authentication token./verifications
endpoint. For some verification methods, this is a single step since the data will be provided immediately (e.g. passport, driver's license, etc.). In other cases, this is a two-step process since the user must wait for verification data to arrive (e.g. SMS, email).verifications
array along with the user field being verified.phone
, and the verification's value (from the process above) matches the user's phone number, the user's phone number becomes verified. Verification objects of all types can be attached to the user, but only phone
and email
types will affect the user object directly./tokens
endpoint and receives an authentication token. The login can be either a single step process (e.g. username + password) or a two-step process, where the user needs to provide a secret such as in the case of a phone number + SMS code flow./sessions
endpoint, sending the authentication token with the Authorization: Basic
header. If the authentication token is active, a session token object is returned. If the server replies with a 401 Unauthorized the authentication token is either invalid or has expired. If the server replies with a 400 Bad Request the user account is invalid (e.g. has been locked).Authorization: Bearer
header for each request to the endpoints. If the server replies with a 401 Unauthorized the session token is either invalid or has expired.