loginUser ​
Logs in a NEXTi user (either iPad User or iPad Preview User) and creates an auth token, passed in the HTTP headers, which is valid for a limited time period, say 15 mins.

From 20190328 we added Outbound Federated login, which requires a different authentication flow along these lines:

1. Obtain the user's email from the UI/keychain and call /rest/user/scheme to discover the user's authentication type.
2. When authType=O (Outbound), authenticate to Ping Federate to retrieve an access token.
   2.1. Inject the access token from step 2 into the "Authorization" header. A SAM token should be returned.
3. When authType=S (Standard), just fill in the JSON login request. Existing app versions will call the version 1 API.
4. When authType=I (Inbound)...TBC WIP.
Request ​
```http
POST /rest/user/login
```
Headers
VERSION 1 - N/A
VERSION 2
Authorization (required) [string] - Bearer, to hold the access token returned from the Ping authentication API (see SSO APIs) for Outbound Federated users, e.g. `Authorization: Bearer $AUTH_TOKEN`
Parameters ​
VERSION 1 (via Form Params)
| Parameter | Type | Required | Description |
|---|---|---|---|
| uEmail | string 255 | Yes | User Email Address |
| uPassword | string 30 | Yes | User Password (in the clear but over HTTPS ONLY) |
| appCode | string 2 | Yes | Either NI or MY |
| version | number | Yes | Version of this API e.g. 1 |
VERSION 2 (via JSON): Standard non-SSO logins use JSON (as of 20190328)
The login API accepts a JSON payload in the request.
```json
{
  "uEmail": "<email_address>",
  "uPassword": "<password>",
  "platform": "<optional_platform>",
  "appCode": "<required_NI_or_MY>",
  "version": "2"
}
```
```json
{
  "uEmail": "<email_address>",
  "appCode": "<required_NI_or_MY>",
  "version": "2"
}
```
Response
200 OK ​
No body is returned; only x-nextinteract-authtoken and x-nextinteract-authtoken-expiry-seconds are returned in the header.
Response Headers ​
x-nextinteract-authtoken - token to be used in all subsequent service operations. The cache period is 30 min, and a new token is issued in the 30 seconds before expiry, i.e. you get a new token if a request comes in between 29 min 30 sec and 29 min 59 sec. ALSO NOTE: unlike smartlib signing tokens, only one auth token can be valid at any one time, so there could be a small window where a once-valid auth token that would have been valid for 20 more seconds is invalidated and replaced with a new token. Network code should therefore be written so that any API call which fails with an invalid token error re-logs in to get a new auth token (and does not rely on the token TTL).
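The re-login rule above as client-side retry logic, added here as an example and not NEXTi's own code. It assumes an invalid token error arrives as HTTP 401 and that the token is sent back under the same `x-nextinteract-authtoken` header; `FakeServer`, the credentials and `/rest/example` are constructed for the demonstration.

```python
import json
TOKEN_HEADER = "x-nextinteract-authtoken"  # assumption: also the request header for the token
INVALID_TOKEN_STATUS = 401  # assumption: the page does not say how the error is signalled

class Session:
    """Caches the auth token and logs in again when the server rejects it."""
    def __init__(self, transport, email, password, app_code):
        self.transport = transport
        self.creds = {"uEmail": email, "uPassword": password,
                      "appCode": app_code, "version": "2"}
        self.token, self.logins = None, 0

    def login(self):
        status, headers, _ = self.transport("POST", "/rest/user/login",
            {"Content-Type": "application/json"}, json.dumps(self.creds))
        if status != 200 or TOKEN_HEADER not in headers:
            raise RuntimeError("login failed")
        self.token, self.logins = headers[TOKEN_HEADER], self.logins + 1

    def call(self, method, path, body=None):
        if self.token is None:
            self.login()
        for attempt in (1, 2):
            status, _, resp = self.transport(method, path, {TOKEN_HEADER: self.token}, body)
            if status != INVALID_TOKEN_STATUS:
                return status, resp
            if attempt == 1:
                self.login()  # token was replaced server-side; the local TTL is not trusted
        raise RuntimeError("token rejected immediately after re-login")

class FakeServer:
    """Constructed stand-in for the service: exactly one token is valid at a time."""
    count = 0
    def rotate(self):
        self.count += 1
        return f"tok-{self.count}"
    def __call__(self, method, path, headers, body):
        if path == "/rest/user/login":
            return 200, {TOKEN_HEADER: self.rotate()}, ""
        ok = headers.get(TOKEN_HEADER) == f"tok-{self.count}"
        return (200, {}, "ok") if ok else (INVALID_TOKEN_STATUS, {}, "")

def demo():
    server = FakeServer()
    session = Session(server, "user@example.com", "constructed-password", "NI")
    first = session.call("GET", "/rest/example")   # hypothetical endpoint
    server.rotate()                                # token replaced before the client's TTL ends
    second = session.call("GET", "/rest/example")  # rejected once, then retried after re-login
    return first, second, session.logins, session.token
```

The retry is capped at one re-login per call, so a token that is rejected straight after a fresh login surfaces as an error instead of looping.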
Errors ​
| Exception | Description |
|---|---|
| WSInvalidParameterException | See Error Definitions |
| WSInvalidSSOAuthTokenException | See Error Definitions |
| WSCacheServiceException | See Error Definitions |
| WSCognitoServiceException | See Error Definitions |
| WSUserServiceException | See Error Definitions |
| WSUserNotEnabledForMIException | See Error Definitions |
| WSUserNotEnabledForNIException | See Error Definitions |
| WSNotYetRegisteredForMIException | See Error Definitions |
| WSUserAccountLockedException | See Error Definitions |
| WSUserAuthenticationFailedException | See Error Definitions |
| WSOAuthServiceException | See Error Definitions |
| WSPasswordServiceException | See Error Definitions |
| WSUserUseFederatedLoginException | See Error Definitions |
| WSRecentPasswordResetException | See Error Definitions |
| UserNotFoundException | See Error Definitions |
| UserServiceException | See Error Definitions |