Authentication API

This document explains how to use Authentication APIs. Authentication APIs use HTTP POST protocol and send and receive messages in JSON format.

Endpoint

Real Server : https://auth.finenex.net/v2

Test Server : https://test-auth.finenex.net/v2

API References

Authenticate

Log in using your ID and password.

  • userType is ignored. Currently it is not used.

  • You can authenticate through id and password.

  • If there is a token value, the token validity period can be extended.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

Example

curl -X 'POST' \
  '{endpoint}/auth/auth-user' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "id": "test",
  "password": "1111"
}'

Log in using your VP (Verifiable Presentation).

  • Put the VP body in vp.

  • In case of the application's own login, requestId is not needed. requestId is required for web site login. When the web site shows the QR code through the browser, the user application reads this value, puts it in the requetId, and calls this API to log in to the web site.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

Example

curl -X 'POST' \
  '{endpoint}/auth/auth-user-with-vp' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "vp": {
    "verifiableCredential" : [ {
      "credentialSubject" : {
        "name" : "asd",
        "phone" : "432-4324",
        "sub" : "01022223333",
        "id" : "did:ethr:0xb80a41cd53c3a42faa5a5f58e61909e50df811e0"
      },
      "issuer" : {
        "id" : "did:ethr:0xd284cdc964af8a01d82d0caa7deeba82785b54f4"
      },
      "type" : [ "VerifiableCredential", "Profile" ],
      "@context" : [ "https://www.w3.org/2018/credentials/v1" ],
      "issuanceDate" : "2022-10-18T09:14:22.000Z",
      "proof" : {
        "type" : "JwtProof2020",
        "jwt" : "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiUHJvZmlsZSJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJuYW1lIjoiYXNkIiwicGhvbmUiOiI0MzItNDMyNCIsInN1YiI6IjAxMDIyMjIzMzMzIn19LCJzdWIiOiJkaWQ6ZXRocjoweGI4MGE0MWNkNTNjM2E0MmZhYTVhNWY1OGU2MTkwOWU1MGRmODExZTAiLCJuYmYiOjE2NjYwODQ0NjIsImlzcyI6ImRpZDpldGhyOjB4ZDI4NGNkYzk2NGFmOGEwMWQ4MmQwY2FhN2RlZWJhODI3ODViNTRmNCJ9.PqUOVrxFI8Bmt2UKjJ2oF6oFNkV_0s9xzJczPwkDf8_fueJdBoK3OuOKnWPfS-wgSDTDMpyNlf_m27DoxvA1pA"
      }
    } ],
    "holder" : "did:ethr:0xb80a41cd53c3a42faa5a5f58e61909e50df811e0",
    "verifier" : [ "did:ethr:0xd284cdc964af8a01d82d0caa7deeba82785b54f4" ],
    "type" : [ "VerifiablePresentation", "VerifiableCredential", "Profile" ],
    "@context" : [ "https://www.w3.org/2018/credentials/v1" ],
    "issuanceDate" : "2022-10-18T09:14:26.000Z",
    "proof" : {
      "type" : "JwtProof2020",
      "jwt" : "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVQcmVzZW50YXRpb24iLCJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlByb2ZpbGUiXSwidmVyaWZpYWJsZUNyZWRlbnRpYWwiOlsiZXlKaGJHY2lPaUpGVXpJMU5rc2lMQ0owZVhBaU9pSktWMVFpZlEuZXlKMll5STZleUpBWTI5dWRHVjRkQ0k2V3lKb2RIUndjem92TDNkM2R5NTNNeTV2Y21jdk1qQXhPQzlqY21Wa1pXNTBhV0ZzY3k5Mk1TSmRMQ0owZVhCbElqcGJJbFpsY21sbWFXRmliR1ZEY21Wa1pXNTBhV0ZzSWl3aVVISnZabWxzWlNKZExDSmpjbVZrWlc1MGFXRnNVM1ZpYW1WamRDSTZleUp1WVcxbElqb2lZWE5rSWl3aWNHaHZibVVpT2lJME16SXRORE15TkNJc0luTjFZaUk2SWpBeE1ESXlNakl6TXpNekluMTlMQ0p6ZFdJaU9pSmthV1E2WlhSb2Nqb3dlR0k0TUdFME1XTmtOVE5qTTJFME1tWmhZVFZoTldZMU9HVTJNVGt3T1dVMU1HUm1PREV4WlRBaUxDSnVZbVlpT2pFMk5qWXdPRFEwTmpJc0ltbHpjeUk2SW1ScFpEcGxkR2h5T2pCNFpESTROR05rWXprMk5HRm1PR0V3TVdRNE1tUXdZMkZoTjJSbFpXSmhPREkzT0RWaU5UUm1OQ0o5LlBxVU9WcnhGSThCbXQyVUtqSjJvRjZvRk5rVl8wczl4ekpjelB3a0RmOF9mdWVKZEJvSzNPdU9LbldQZlMtd2dTRFRETXB5TmxmX20yN0RveHZBMXBBIl19LCJuYmYiOjE2NjYwODQ0NjYsImlzcyI6ImRpZDpldGhyOjB4YjgwYTQxY2Q1M2MzYTQyZmFhNWE1ZjU4ZTYxOTA5ZTUwZGY4MTFlMCIsImF1ZCI6WyJkaWQ6ZXRocjoweGQyODRjZGM5NjRhZjhhMDFkODJkMGNhYTdkZWViYTgyNzg1YjU0ZjQiXX0.fLwCJfdJdtZDtAm8jipG7EJ_Qyrv-03XmwGWnWOhyGg_XNFKX4K271HB2zkTIUbcbU8VavjlWMNlkuwEiV8Kog"
    }
  }
}'

The following auth-user-by-app, cancel-auth-user-by-app, and auth-user-result-by-app are provided for web site login. These APIs are used by the web server script.

Request DID login.

  • requestId is an identifier that identifies the web site. In general, you can use the site URL + "?".

  • waitTime is the maximum waiting time for login.

  • If successful, new requestId is issued. This value should be used to check if a user is logged in by the user application.

Example

curl -X 'POST' \
  '{endpoint}/auth/auth-user-by-app' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "requestId": "https://my.domain?",
  "waitTime": 60
}'

Cancel the authentication request.

  • requestId is the id you want to cancel.

  • waitTime is ignored.

Example

curl -X 'POST' \
  '{endpoint}/auth/cancel-auth-user-by-app' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "requestId": "https://my.domain?requestId=1666328121807_6979"
}'

Check whether the login was successful.

  • requestId is the ID that checks the login success response.

  • waitTime is ignored.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

  • If there is no request or the request time is old, a 400 error occurs.

  • If you're waiting for a response from your app, you'll get a 401 error.

Example

curl -X 'POST' \
  '{endpoint}/auth/auth-user-result-by-app' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "requestId": "https://my.domain?requestId=1666328121807_6979"
}'

DID (Decentralized Identifier)

Create your DID.

  • alias is an alias for identifying a DID.

  • Use the address and secretKey that came out when you create the address to authenticate yourself.

Example

curl -X 'POST' \
  '{endpoint}/did/create-did' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "alias": "4700634FB09E0019",
  "address": "0x38b45217e81548733f9fd7443ecfe4ea6b5725cf",
  "secretKey": "a728102d411b1871f7ae91505b4e1558"
}'

Create your VCs (Verifiable Credential).

Because this is the credentials used by this system, the JWT authenticated by /auth/auth-user in advance is required.

  • holder is your issued DID.

  • issuer is the issuer DID provided by this authentication system.

  • Provides additional information to userInfo in key/value format.

  • If successful, you will get your VC.

Example

curl -X 'POST' \
  '{endpoint}/did/create-vc' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0Iiwicm9sZSI6IlJPTEVfVVNFUiIsImV4cCI6MTY2ODkyMzY5MSwidXNlciI6IjQ3MDA2MDM2NDRCNzAwMDQiLCJpYXQiOjE2NjYzMzE2OTF9.c2BMNGbTUNV6HQAIBy9nHOTEK8nZOex1r-ntO3KLlNY' \
  -H 'Content-Type: application/json' \
  -d '{
  "holder": "did:ethr:0x38b45217e81548733f9fd7443ecfe4ea6b5725cf",
  "issuer": "did:ethr:0xd284cdc964af8a01d82d0caa7deeba82785b54f4",
  "userInfo": {
     "name": "Hong"
  }
}'

Verify the VC.

  • The body of the request has the VC.

  • If successful, verified is true.

Example

curl -X 'POST' \
  '{endpoint}/did/verify-vc' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "credentialSubject": {
    "name": "Hong",
    "sub": "test",
    "id": "did:ethr:0x38b45217e81548733f9fd7443ecfe4ea6b5725cf"
  },
  "issuanceDate": "2022-10-21T05:56:06.000Z",
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiUHJvZmlsZSJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJuYW1lIjoiSG9uZyIsInN1YiI6InRlc3QifX0sInN1YiI6ImRpZDpldGhyOjB4MzhiNDUyMTdlODE1NDg3MzNmOWZkNzQ0M2VjZmU0ZWE2YjU3MjVjZiIsIm5iZiI6MTY2NjMzMTc2NiwiaXNzIjoiZGlkOmV0aHI6MHhkMjg0Y2RjOTY0YWY4YTAxZDgyZDBjYWE3ZGVlYmE4Mjc4NWI1NGY0In0.IvrseTkX-lnadHg7TrPcBaTC5utYIr72nbQRgdNS_jwSPy4fypUxu7_2xaJw1IqHy71-uTp1B52hAz7ZeRb89g"
  },
  "type": [
    "VerifiableCredential",
    "Profile"
  ],
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "issuer": {
    "id": "did:ethr:0xd284cdc964af8a01d82d0caa7deeba82785b54f4"
  }

Create your VP (Verifiable Presentation).

  • holder is your DID.

  • verifier is the verifier DID provided by this authentication system.

  • credentials contains a list of VCs.

  • If succesful, your VP is created.

Example

curl -X 'POST' \
  '{endpoint}/did/create-vp' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "holder": "did:ethr:0xa54545a4e45cf5a229438695c6bea23c5d1414c9",
  "verifier": "did:ethr:0xd284cdc964af8a01d82d0caa7deeba82785b54f4",
  "credentials": [
  {
    "credentialSubject" : {
      "userId" : "sus",
      "name" : "ss",
      "phone" : "019-3992-6444",
      "birthdate" : "2022-10-19",
      "dRegNumber" : "ss",
      "sub" : "7005550002",
      "id" : "did:ethr:0xa54545a4e45cf5a229438695c6bea23c5d1414c9"
    },
    "issuer" : {
      "id" : "did:ethr:0xa3bbf50a3c3a4180521325cb99ea301142b3634e"
    },
    "type" : [ "VerifiableCredential", "Profile" ],
    "@context" : [ "https://www.w3.org/2018/credentials/v1" ],
    "issuanceDate" : "2022-10-19T10:42:13.000Z",
    "proof" : {
      "type" : "JwtProof2020",
      "jwt" : "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiUHJvZmlsZSJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJ1c2VySWQiOiJzdXMiLCJuYW1lIjoic3MiLCJwaG9uZSI6IjAxOS0zOTkyLTY0NDQiLCJiaXJ0aGRhdGUiOiIyMDIyLTEwLTE5IiwiZFJlZ051bWJlciI6InNzIiwic3ViIjoiNzAwNTU1MDAwMiJ9fSwic3ViIjoiZGlkOmV0aHI6MHhhNTQ1NDVhNGU0NWNmNWEyMjk0Mzg2OTVjNmJlYTIzYzVkMTQxNGM5IiwibmJmIjoxNjY2MTc2MTMzLCJpc3MiOiJkaWQ6ZXRocjoweGEzYmJmNTBhM2MzYTQxODA1MjEzMjVjYjk5ZWEzMDExNDJiMzYzNGUifQ.LrTCG_SPXE-qpicQvTlaw666cmDpsZEILPpCAVRMBbjB-Yp-GMY0arqTxgc0rTRD3XlXV57JhCkZKYBZ261Dxg"
    }
  }  
  ]
}'

Verify the VP

  • The body of the request has the VP.

  • If successful, verified is true.

Example

{
  "issuanceDate": "2022-10-21T06:16:23.000Z",
  "verifier": [
    "did:ethr:0xd284cdc964af8a01d82d0caa7deeba82785b54f4"
  ],
  "holder": "did:ethr:0xa54545a4e45cf5a229438695c6bea23c5d1414c9",
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVQcmVzZW50YXRpb24iLCJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlByb2ZpbGUiXSwidmVyaWZpYWJsZUNyZWRlbnRpYWwiOlsiZXlKaGJHY2lPaUpGVXpJMU5rc2lMQ0owZVhBaU9pSktWMVFpZlEuZXlKMll5STZleUpBWTI5dWRHVjRkQ0k2V3lKb2RIUndjem92TDNkM2R5NTNNeTV2Y21jdk1qQXhPQzlqY21Wa1pXNTBhV0ZzY3k5Mk1TSmRMQ0owZVhCbElqcGJJbFpsY21sbWFXRmliR1ZEY21Wa1pXNTBhV0ZzSWl3aVVISnZabWxzWlNKZExDSmpjbVZrWlc1MGFXRnNVM1ZpYW1WamRDSTZleUoxYzJWeVNXUWlPaUp6ZFhNaUxDSnVZVzFsSWpvaWMzTWlMQ0p3YUc5dVpTSTZJakF4T1Mwek9Ua3lMVFkwTkRRaUxDSmlhWEowYUdSaGRHVWlPaUl5TURJeUxURXdMVEU1SWl3aVpGSmxaMDUxYldKbGNpSTZJbk56SWl3aWMzVmlJam9pTnpBd05UVTFNREF3TWlKOWZTd2ljM1ZpSWpvaVpHbGtPbVYwYUhJNk1IaGhOVFExTkRWaE5HVTBOV05tTldFeU1qazBNemcyT1RWak5tSmxZVEl6WXpWa01UUXhOR001SWl3aWJtSm1Jam94TmpZMk1UYzJNVE16TENKcGMzTWlPaUprYVdRNlpYUm9jam93ZUdFelltSm1OVEJoTTJNellUUXhPREExTWpFek1qVmpZams1WldFek1ERXhOREppTXpZek5HVWlmUS5MclRDR19TUFhFLXFwaWNRdlRsYXc2NjZjbURwc1pFSUxQcENBVlJNQmJqQi1ZcC1HTVkwYXJxVHhnYzByVFJEM1hsWFY1N0poQ2taS1lCWjI2MUR4ZyJdfSwibmJmIjoxNjY2MzMyOTgzLCJpc3MiOiJkaWQ6ZXRocjoweGE1NDU0NWE0ZTQ1Y2Y1YTIyOTQzODY5NWM2YmVhMjNjNWQxNDE0YzkiLCJhdWQiOlsiZGlkOmV0aHI6MHhkMjg0Y2RjOTY0YWY4YTAxZDgyZDBjYWE3ZGVlYmE4Mjc4NWI1NGY0Il19.AjFvyK-4yYH7PHMZT2c-ZsBiquX8ZPZARwmMHcYNtkup15CqCgq1GFcQOWEtvDfwkj8abJH4kH4ffCreWR1tWQ"
  },
  "type": [
    "VerifiablePresentation",
    "VerifiableCredential",
    "Profile"
  ],
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "verifiableCredential": [
    {
      "credentialSubject": {
        "userId": "sus",
        "name": "ss",
        "phone": "019-3992-6444",
        "birthdate": "2022-10-19",
        "dRegNumber": "ss",
        "sub": "7005550002",
        "id": "did:ethr:0xa54545a4e45cf5a229438695c6bea23c5d1414c9"
      },
      "issuer": {
        "id": "did:ethr:0xa3bbf50a3c3a4180521325cb99ea301142b3634e"
      },
      "type": [
        "VerifiableCredential",
        "Profile"
      ],
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "issuanceDate": "2022-10-19T10:42:13.000Z",
      "proof": {
        "type": "JwtProof2020",
        "jwt": "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiUHJvZmlsZSJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJ1c2VySWQiOiJzdXMiLCJuYW1lIjoic3MiLCJwaG9uZSI6IjAxOS0zOTkyLTY0NDQiLCJiaXJ0aGRhdGUiOiIyMDIyLTEwLTE5IiwiZFJlZ051bWJlciI6InNzIiwic3ViIjoiNzAwNTU1MDAwMiJ9fSwic3ViIjoiZGlkOmV0aHI6MHhhNTQ1NDVhNGU0NWNmNWEyMjk0Mzg2OTVjNmJlYTIzYzVkMTQxNGM5IiwibmJmIjoxNjY2MTc2MTMzLCJpc3MiOiJkaWQ6ZXRocjoweGEzYmJmNTBhM2MzYTQxODA1MjEzMjVjYjk5ZWEzMDExNDJiMzYzNGUifQ.LrTCG_SPXE-qpicQvTlaw666cmDpsZEILPpCAVRMBbjB-Yp-GMY0arqTxgc0rTRD3XlXV57JhCkZKYBZ261Dxg"
      }
    }
  ]
}

List issuers and verifiers.

Example

curl -X 'GET' \
  '{endpoint}/did/issuers' \
  -H 'accept: application/json'

Examples

curl -X 'GET' \
  '{endpoint}/did/verifiers' \
  -H 'accept: application/json'

Last updated