Authentication
XSignals API allows both basic auth and bearer tokens to be used to access the API. XSignals API expects one type of authentication to be included in all API requests. For brevity, we will leave the authentication method out of the examples.
To authenticate, use Bearer Token or Basic Authentication:
curl "https://api.xsignals.xpansiv.com/"
-H "Authorization: Bearer yourAccessToken"
curl "https://api.xsignals.xpansiv.com/"
-u username:password ...Change Password
Allows the user to change their password.
curl -X POST
https://api.xsignals.xpansiv.com/auth/changePassword
-d '{
"password": "new user password"
}'If successful, the above command returns status code 200, otherwise please check Errors section.
HTTP Request
POST https://api.xsignals.xpansiv.com/auth/changePassword
Request Body
| Parameter | Description |
|---|---|
| password | new user password |
Log In
This endpoint returns a jwt access token and a refresh token. When the access token expires, the refresh token can be used to generate a new one. You will need to use Basic Auth to retrieve the jwt tokens.
curl -u 'login:password'
https://api.xsignals.xpansiv.com/auth/loginIf successful, the above command returns a status code 200 and token, otherwise please check Errors section.
{
"token": "your access token",
"refreshToken": "your refresh token"
}HTTP Request
GET https://api.xsignals.xpansiv.com/auth/login
Request Header
| Parameter | Description |
|---|---|
| userName | userName of account |
| password | password of account |
Refresh Access Token
This endpoint returns a new access token.
curl -X POST
https://api.xsignals.xpansiv.com/auth/refresh
-d '{
"refreshToken": "your refresh token"
}'If successful, the above command returns a status code 200 and token, otherwise please check Errors section.
{
"token": "your access token",
"refreshToken": "your refresh token"
}HTTP Request
POST https://api.xsignals.xpansiv.com/auth/refresh
Request Body
| Parameter | Description |
|---|---|
| refreshToken | your refresh token |
Log out
Log out the user by invalidating the refresh token.
curl -X POST
https://api.xsignals.xpansiv.com/auth/logout
-H "Authorization: Bearer yourAccessToken"
-d '{
"refreshToken": "your refresh token"
}'If successful, the above command returns status code 200, otherwise please check Errors section.
HTTP Request
POST https://api.xsignals.xpansiv.com/auth/logout
Request Body
| Parameter | Description |
|---|---|
| refreshToken | your refresh token |
SSO (Auth0) tokens
In order to use the API via SSO, an Auth0 access token is necessary. This token can be obtained by calling the token endpoint in the Auth0 server with the appropriate credentials. The Auth0 server should respond with a valid token that can be used in the API requests, passed in the Authorization header ("Authorization: Bearer auth0Token").
curl -X POST
https://auth.xpansiv.com/oauth/token
-d '{
"username": "your username",
"password": "your Auth0 password",
"grant_type": "http://auth0.com/oauth/grant-type/password-realm",
"realm": "Username-Password-Authentication",
"scope": "SCOPE",
"audience": "https://xpansiv/platform",
"client_id": "your client ID",
"client_secret": "your client secret"
}'If successful, the above command returns status code 200, otherwise please check Errors section.
HTTP Request
POST https://auth.xpansiv.com/oauth/token
Request Body
| Parameter | Description | Payload (for non-sensitive parameters) |
|---|---|---|
| username | your username | |
| password | your Auth0 password | |
| grant_type | Auth0 grant type | "http://auth0.com/oauth/grant-type/password-realm" |
| realm | Auth0 realm | "Username-Password-Authentication" |
| scope | Auth0 scope | "SCOPE" |
| audience | Auth0 audience | "https://xpansiv/platform" |
| client_id | your client ID | |
| client_secret | your client secret |