xclade
Admin APIAuth

Validate Authentication Callback

This API route is used by your dashboard or frontend application when a third-party provider redirects to it after authentication. It validates the authentication with the third-party provider and, if successful, returns an authentication token. All query parameters received from the third-party provider, such as `code`, `state`, and `error`, must be passed as query parameters to this route. You can decode the JWT token using libraries like [react-jwt](https://www.npmjs.com/package/react-jwt) in the frontend. If the decoded data doesn't have an `actor_id` property, then you must create a user, typically using the Accept Invite route passing the token in the request's Authorization header.

POST
/auth/user/{auth_provider}/callback

Path Parameters

auth_provider*string

The provider used for authentication.

Response Body

application/json

application/json

text/plain

application/json

application/json

application/json

application/json

curl -X POST "https://{tenant}.api.myxclade.com/auth/user/google/callback"
{
  "token": "string"
}

{
  "message": "Discount must be set to dynamic",
  "type": "not_allowed"
}

"Unauthorized"
{
  "message": "Entity with id 1 was not found",
  "type": "not_found"
}
{
  "code": "unknown_error",
  "message": "The request conflicted with another request. You may retry the request with the provided Idempotency-Key.",
  "type": "QueryRunnerAlreadyReleasedError"
}
{
  "code": "invalid_request_error",
  "message": "Discount with code TEST already exists.",
  "type": "duplicate_error"
}

{
  "code": "api_error",
  "message": "An error occured while hashing password",
  "type": "database_error"
}

Authenticate User

Authenticate a user and receive the JWT token to be used in the header of subsequent requests. When used with a third-party provider, such as Google, the request returns a `location` property. You redirect to the specified URL in your frontend to continue authentication with the third-party service.

Generate Reset Password Token for Admin User

Generate a reset password token for an admin user. This API route doesn't reset the admin's password or send them the reset instructions in a notification. Instead, This API route emits the `auth.password_reset` event, passing it the token as a payload. You can listen to that event in a subscriber as explained in [this guide](https://), then send the user a notification. The notification is sent using a [Notification Module Provider](https://), and it should have the URL to reset the password in the xclade Admin dashboard, such as `http://localhost:9000/app/reset-password?token=123`. Use the generated token to update the user's password using the [Reset Password API route](https://).