Difference between revisions of "Protocols/WebAPI/Auth/Client/clientLogin"
Jump to navigation
Jump to search
| Line 10: | Line 10: | ||
* HTTP Method | * HTTP Method | ||
| − | ** POST <br /> ('''NOTE''' | + | ** POST <br /> ('''NOTE''': All request parameters must passed in the POST body only, and not in the query string) |
* HTTP Header | * HTTP Header | ||
Revision as of 16:26, 25 March 2020
| WebAPI Protocol |
| Basic |
| Introduction |
| Clients |
| Whimsicals |
| Host Interaction |
| Flow |
| Authentication |
| • Client |
| • WebApp |
| Other Services |
| • |
| Foodgroups |
This page is about the clientLogin method for WebAPI authentication.
Initial Request
- URL
- https://api.screenname.nina.bz/auth/clientLogin
- NOTE: Supported on SSL (https) Only
- HTTP Method
- POST
(NOTE: All request parameters must passed in the POST body only, and not in the query string)
- POST
- HTTP Header
- X-Forwarded-For (required if proxying clientLogin requests)
- Clients/Servers using 'clientLogin' must pass the peer-ip from the requests they receive from their clients as X-Forwarded-For header in the 'clientLogin' request, so OpenAuth can enforce rate limits on the correct client IP. If the incoming request already has an X-Forwarded-For header, you should append peer-ip to it before sending it as X-Forwarded-For header in OpenAuth requests.
- X-Forwarded-For (required if proxying clientLogin requests)
- Arguments
- devId (required)
- your developer Id required to access NINA APIs
- f (required)
- the required format of the response (json or xml or qs)
- s (required)
- the loginID of the source user
- language (optional)
- the required language and locale of the error/status messages. This is always in "<lang>-<locale>" format. The lang is the 2 letter language code for I18N (default: en) and the locale is the 2 letter Locale code for I18N (default: us). If not passed in, the language will be extracted from HTTP header (Accept-Language) and if that is not available will default to "en-us". Check below for our current supported language list.
- tokenType (optional)
- "shortterm" (session based token - max life 24 hrs - default) or "longterm" (valid for 1 year) or any non-negative long value representing the required Token validity in seconds
- c (optional)
- the callback method to use when using jsonp convention (argument f = json)
- r (optional)
- an URL safe string to be used as requestId - when passed it is returned back in the response
- pwd (optional)
- User's Password when initiating the request for the first time or when Password challenge is returned in previous request
- securid (optional)
- User's SecurId when SecurId challenge is returned in previous request
- asqAnswer (optional)
- NINA Account Security Question's Answer when ASQ challenge is returned in previous request
- word (optional)
- Captcha Word when Captcha challenge is returned in previous request
- context (optional)
- Authentication Context returned in previous directLogin request when additional challenges are required
- authMethod (optional)
- Authentication Method required in addition to PWD (default)
- Additional authMethod supported in this phase is "ASQ" (Account Security Question)
- idType (optional)
- You can pass value as "ICQ" to make sure you are authenticating an ICQ user (both numeric id and email alias)
- No need to pass if you are just authenticating NINA/AIM users and even ICQ numeric ids only (not ICQ email aliases)
- rlToken (optional)
- Rate Limit Token obtained via a previous directLogin call with successful captcha challenge for the same user ('s' must match)
- If user loginId doesn't match, rlToken would be ignored
- clientName (optional)
- An optional name of the Client
- clientVersion (optional)
- An optional version of the Client
- devId (required)
