xclade
Admin APIAuth

Authenticate User

Authenticate a user and receive the JWT token to be used in the header of subsequent requests. When used with a third-party provider, such as Google, the request returns a `location` property. You redirect to the specified URL in your frontend to continue authentication with the third-party service.

POST
/auth/user/{auth_provider}

Path Parameters

auth_provider*string

The provider used for authentication.

Request Body

application/json

Response Body

application/json

application/json

text/plain

application/json

application/json

application/json

application/json

curl -X POST "https://{tenant}.api.myxclade.com/auth/user/emailpass" \  -H "Content-Type: application/json" \  -d '{}'
{
  "token": "string"
}

{
  "message": "Discount must be set to dynamic",
  "type": "not_allowed"
}

"Unauthorized"
{
  "message": "Entity with id 1 was not found",
  "type": "not_found"
}
{
  "code": "unknown_error",
  "message": "The request conflicted with another request. You may retry the request with the provided Idempotency-Key.",
  "type": "QueryRunnerAlreadyReleasedError"
}
{
  "code": "invalid_request_error",
  "message": "Discount with code TEST already exists.",
  "type": "duplicate_error"
}

{
  "code": "api_error",
  "message": "An error occured while hashing password",
  "type": "database_error"
}

Retrieve Registration JWT Token

This API route retrieves a registration JWT token of a user that hasn't been registered yet. The token is used in the header of requests that create a user, such as the Accept Invite API route.

Validate Authentication Callback

This API route is used by your dashboard or frontend application when a third-party provider redirects to it after authentication. It validates the authentication with the third-party provider and, if successful, returns an authentication token. All query parameters received from the third-party provider, such as `code`, `state`, and `error`, must be passed as query parameters to this route. You can decode the JWT token using libraries like [react-jwt](https://www.npmjs.com/package/react-jwt) in the frontend. If the decoded data doesn't have an `actor_id` property, then you must create a user, typically using the Accept Invite route passing the token in the request's Authorization header.