search

Authentication API

This document explains how to use Authentication APIs. Authentication APIs use HTTP POST protocol and send and receive messages in JSON format.

hashtag
Endpoint

Real Server : https://auth.finenex.net/v2arrow-up-right

Test Server : https://test-auth.finenex.net/v2arrow-up-right

hashtag
API References

hashtag
Authenticate

Log in using your ID and password.

hashtag
Authenticate with ID and password

post
Body
userTypestringOptional

User type (store, employee, platform, customer, root)

idstringOptional

User ID

passwordstringOptional

User password

tokenstringOptional

JWT

Responses
post
/auth/auth-user

  • userType is ignored. Currently it is not used.

  • You can authenticate through id and password.

  • If there is a token value, the token validity period can be extended.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

hashtag
Example

Log in using your VP (Verifiable Presentation).

hashtag
Login with VP

post
Body
requestIdstringOptional
Responses
post
/auth/auth-user-with-vp
200

Return JWT

  • Put the VP body in vp.

  • In case of the application's own login, requestId is not needed. requestId is required for web site login. When the web site shows the QR code through the browser, the user application reads this value, puts it in the requetId, and calls this API to log in to the web site.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

hashtag
Example

The following auth-user-by-app, cancel-auth-user-by-app, and auth-user-result-by-app are provided for web site login. These APIs are used by the web server script.

Request DID login.

hashtag
Request authentication via a user app

post
Body
requestIdstringOptional
waitTimeintegerOptional
Responses
post
/auth/auth-user-by-app
200

Successful

  • requestId is an identifier that identifies the web site. In general, you can use the site URL + "?".

  • waitTime is the maximum waiting time for login.

  • If successful, new requestId is issued. This value should be used to check if a user is logged in by the user application.

hashtag
Example

Cancel the authentication request.

hashtag
Cancel the authentication via a user app

post
Body
requestIdstringOptional
waitTimeintegerOptional
Responses
post
/auth/cancel-auth-user-by-app
200

Successful

No content

  • requestId is the id you want to cancel.

  • waitTime is ignored.

hashtag
Example

Check whether the login was successful.

hashtag
Get the token obtained through a user app

post
Body
requestIdstringOptional
waitTimeintegerOptional
Responses
post
/auth/auth-user-result-by-app
200

Return JWT

  • requestId is the ID that checks the login success response.

  • waitTime is ignored.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

  • If there is no request or the request time is old, a 400 error occurs.

  • If you're waiting for a response from your app, you'll get a 401 error.

hashtag
Example

hashtag
DID (Decentralized Identifier)

Create your DID.

hashtag
Create DID (Decentralized Identity)

post
Body
aliasstringOptional
addressstringOptional
secretKeystringOptional
Responses
post
/did/create-did
200

Returns DID

  • alias is an alias for identifying a DID.

  • Use the address and secretKey that came out when you create the address to authenticate yourself.

hashtag
Example

Create your VCs (Verifiable Credential).

Because this is the credentials used by this system, the JWT authenticated by /auth/auth-user in advance is required.

hashtag
Create VC (Verifiable Claims)

post
Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Body
holderstringOptional
issuerstringOptional
tempKeystringOptional
hashKeystringOptional
Responses
post
/did/create-vc
200

Returns VC

  • holder is your issued DID.

  • issuer is the issuer DID provided by this authentication system.

  • Provides additional information to userInfo in key/value format.

  • If successful, you will get your VC.

hashtag
Example

Verify the VC.

hashtag
Verify VC (Verifiable Credential)

post
Body
issuerobjectOptional
Other propertiesanyOptional
Responses
post
/did/verify-vc
200

Returns whether the validation was successful or not

  • The body of the request has the VC.

  • If successful, verified is true.

hashtag
Example

Create your VP (Verifiable Presentation).

hashtag
Create VP (Verifiable Presentation)

post
Body
holderstringOptional
verifierstringOptional
tempKeystringOptional
hashKeystringOptional
Responses
post
/did/create-vp
200

Return VP

  • holder is your DID.

  • verifier is the verifier DID provided by this authentication system.

  • credentials contains a list of VCs.

  • If succesful, your VP is created.

hashtag
Example

Verify the VP

hashtag
Verify VP (Verifiable Presentaton)

post
Body
proofobjectOptional
Other propertiesanyOptional
Responses
post
/did/verify-vp
200

Returns whether the validation was successful or not

  • The body of the request has the VP.

  • If successful, verified is true.

hashtag
Example

List issuers and verifiers.

hashtag
Get an issuer list

get
Responses
get
/did/issuers
200

Returns issuers

hashtag
Example

hashtag
Get an verifier list

get
Responses
get
/did/verifiers
200

Returns verifiers

hashtag
Examples

NextChain API

Last updated