Streambird Auth API
v1

Explore all the details of Streambird Auth API. All of our APIs are RESTful and accept and return JSON.

This is the documentation for version v1 of the API. Last update on Nov 14, 2022.

Base URL
https://api.streambird.io

Authentication

Authorization (http)

Auth Platform API includes all the Auth related features. All Users, Phone Numbers, Emails, and OTPs are associated with an App as the container.

Endpoints only accept App's Secret API keys other than certain endpoints that are used client side or via SDK that accept the public_token.

Authentication using App Api Key

Header:

Authorization: Bearer {api_key}

Authenticated Request

curl \
  -X GET https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
  -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"

Create User

POST /v1/auth/users/create

Creates a user in an App that requires authentication. Each user will have a default wallet created for the wallet_type sent in.

HTTP Request

POST /v1/auth/users/create

Returns

A successful response returns a User object with email_id and phone_number_id properties.

Body

  • email string

    Required if phone_number not present Email that uniquely identifies the user.

  • Required if email not present E.164 formatted mobile phone number that uniquely identifies the user.

  • First name of the user.

  • Middle name of the user.

  • Middle name of the user.

  • Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • Determines what type of wallet login. If the user does not have a default wallet of the same wallet_type, a new default wallet will be created for the user. If left blank, the default will be ETH. Possible values: ETH, SOL, BTC, DOT, XLM (more wallets coming soon).

  • Determines if the full user object should be returned. Defaults to false.

Responses

POST /v1/auth/users/create
curl \
 -X POST https://api.streambird.io/v1/auth/users/create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"first_name":"John","last_name":"Smith","email":"sandbox@streambird.io","phone_number":"+14152222222","requires_verification":true}'
Request example
{
  "first_name": "John",
  "last_name": "Smith",
  "email": "sandbox@streambird.io",
  "phone_number": "+14152222222",
  "requires_verification": true
}
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "status": "pending",
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy"
}

Search Users (beta)

POST /v1/auth/users/search

Search users within an App.

HTTP Request

POST /v1/auth/users/search

Returns

A successful response returns a list of User objects in users property and also pagination related properties.

Body

  • limit number

    Number of objects to return per response, must be between 10 to 100, defaults to 50.

  • A cursor for use in pagination. starting_after is an object ID that defines your place in the search result when there are more results to fit into a single response. For instance, if you make a search request with limit of 100 objects, ending with user_123, your subsequent call can include starting_after: user_123 in order to fetch the next page of the search result.

  • filters object

    Filters object to apply to the search.

    • operator string Required

      Required if filters property is present Logical operator to apply on the fields. Possible values: AND, OR.

    • fields array[object]

      Optional List of field filter objects.

      At least 1 element.

      • field string Required

        Field to filter the search by. Possible values:

        • user_id - Filter by the unique ID(s) of the user. Compatible with eq and in operators.
        • status - Filter by the status of the user, accepted values: active, pending. Compatible with eq and in operators.
        • full_name_match - Filter by the fuzzy match of the user's full name ({first_name} {last_name}). Compatible with eq operator.
        • phone_number - Filter by associated the phone number(s) of the user. Compatible with eq and in operators.
        • phone_number_id - Filter by the associated phone number ID(s) of the user. Compatible with eq and in operators.
        • phone_number_match - Filter by the fuzzy match of the user's phone number(s). Compatible with eq operator.
        • phone_number_verified - Filter by the verified flag of the user's associated phone number(s). Compatible with eq operator.
        • email - Filter by the email of the user. Compatible with eq and in operators.
        • email_id - Filter by the associated email ID(s) of the user. Compatible with eq and in operators.
        • email_verified - Filter by the verified flag of the user's associated email(s). Compatible with eq operator.
        • email_match - Filter by the fuzzy match of the user's email(s). Compatible with eq operator.
        • wallet_public_address - Filter by the wallet public address of the user. Compatible with eq and in operators.
        • wallet_id - Filter by the associated wallet ID(s) of the user. Compatible with eq and in operators.
        • totp_id - Filter by the associated totp instance ID(s) of the user. Compatible with eq and in operators.
        • totp_verified - Filter by the verified flag of the TOTP instance(s). Compatible with eq operator.
        • idp_provider - Filter by the associated IdP/OAuth provider(s) of the user. Compatible with eq and in operators.

        Values are user_id, status, full_name_match, phone_number, phone_number_id, phone_number_match, phone_number_verified, email, email_id, email_verified, email_match, wallet_public_address, wallet_id, totp_id, totp_verified, or idp_provider.

      • operator string Required

        Required Filter operator to apply for the field. Possible values: eq (translates to equals or = in SQL), between (translates to >= value AND <= second_value in SQL) , lt (translates to less than or < in SQL), gt (translates to greater than or > in SQL), in (translates to IN (value1, value2, ...) in SQL.)

      • value string | number | integer | boolean

        Optional Value to filter by and to be used with operators eq, between, lt, and gt.

      • second_value string | number | integer | boolean

        Optional Value to filter by and to be used with between operator.

      • values array[string | number]

        Optional Values to filter by and to be used with in operator.

Responses

POST /v1/auth/users/search
curl \
 -X POST https://api.streambird.io/v1/auth/users/search \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"limit":100,"filters":{"operator":"OR","fields":[{"field":"phone_number_match","operator":"eq","value":"2222222"}]}}'
Request example
{
  "limit": 100,
  "filters": {
    "operator": "OR",
    "fields": [
      {
        "field": "phone_number_match",
        "operator": "eq",
        "value": "2222222"
      }
    ]
  }
}
Response example (200)
{
  "users": [
    {
      "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
      "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
      "first_name": "John",
      "middle_name": "",
      "last_name": "Smith",
      "active": true,
      "updated_at": 1639873806,
      "created_at": 1639873806,
      "emails": [
        {
          "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
          "verified": false,
          "email": "sandbox@streambird.io",
          "updated_at": 1639873806,
          "created_at": 1639873806
        }
      ],
      "phone_numbers": [
        {
          "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "verified": true,
          "phone_number": "+14152222222",
          "updated_at": 1643004687,
          "created_at": 1639873806
        }
      ],
      "wallets": [
        {
          "id": "wallet_24tdfcVDSJQpK5huDnZaqPP2aiI",
          "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
          "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
          "public_address": "0xd3EfC42956c546Cf27B5f18062c63B4BF6d72D7c",
          "wallet_type": "ETH",
          "is_default": true,
          "updated_at": 1640133104,
          "created_at": 1640133104
        }
      ],
      "totps": [
        {
          "id": "totp_284EPXPYI5zZoh4pp2mpAQ2PnuY",
          "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
          "verified": false,
          "updated_at": 1650467433,
          "created_at": 1650467433
        }
      ]
    }
  ],
  "total_count": 10,
  "has_more": false
}

Get User

GET /v1/auth/users/{user_id}

Get a user with their various properties like emails, phone_numbers, and other attached identifiers.

HTTP Request

GET /v1/auth/users/{user_id}

Returns

A successful response returns a User object with linked identifiers such as emails, phone numbers in their corresponding properties.

Path parameters

  • user_id string Required

    Unique User ID of the user.

Responses

GET /v1/auth/users/{user_id}
curl \
 -X GET https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "first_name": "",
  "middle_name": "",
  "last_name": "",
  "status": "active",
  "active": true,
  "updated_at": 1646873318,
  "created_at": 1646873318,
  "emails": [
    {
      "id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
      "verified": true,
      "email": "hello@streambird.io",
      "updated_at": 1646957196,
      "created_at": 1646873318
    },
    {
      "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
      "verified": false,
      "email": "sandbox@streambird.io",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "phone_numbers": [
    {
      "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
      "verified": false,
      "phone_number": "+14152222222",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "idp_providers": [
    {
      "id": "idpuser_28SRho5nbD045LGq2btZWXhkdjN",
      "provider": "google",
      "provider_subject": "100157402424066154830",
      "idp_type": "oauth",
      "method_id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
      "method_type": "email",
      "updated_at": 1651208121,
      "created_at": 1651208121
    }
  ],
  "wallets": [
    {
      "id": "wallet_26AjWu075gRWMnjfPglcdoD2PAQ",
      "public_address": "0x863c381a56a58370f435b0100faba94e6462b6d1",
      "wallet_type": "ETH",
      "verified": true,
      "is_default": true,
      "is_read_only": false,
      "is_imported": false,
      "updated_at": 1646873319,
      "created_at": 1646873319
    }
  ],
  "totps": [],
  "webauthn_credentials": []
}

Update User

PUT /v1/auth/users/{user_id}/update

Update a user by ID.

HTTP Request

PUT /v1/auth/users/{user_id}/update

Returns

A successful response returns a User object in user owith linked emails and phone numbers in emails and phone_numbers properties.

Body

  • First name of the user.

  • Middle name of the user.

  • Last name of the user.

  • emails array[object]

    List of Emails to attach to the user.

    At least 1 element.

    • email string Required

      Email that uniquely identifies the user.

  • phone_numbers array[object]

    List of E.164 formatted mobile phone numbers to attach to the user.

    At least 1 element.

    • phone_number string Required

      E.164 formatted mobile phone number that uniquely identifies the user.

Responses

PUT /v1/auth/users/{user_id}/update
curl \
 -X PUT https://api.streambird.io/v1/auth/users/{user_id}/update \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"first_name":"John","middle_name":"","last_name":"Smith","emails":[{"email":"sandbox@streambird.io"}],"phone_numbers":[{"phone_number":"+14152222222"}]}'
Request example
{
  "first_name": "John",
  "middle_name": "",
  "last_name": "Smith",
  "emails": [
    {
      "email": "sandbox@streambird.io"
    }
  ],
  "phone_numbers": [
    {
      "phone_number": "+14152222222"
    }
  ]
}
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "phone_numbers": [
    {
      "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
      "verified": false,
      "phone_number": "+14152222222",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "emails": [
    {
      "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
      "verified": false,
      "email": "sandbox@streambird.io",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "user": {
    "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
    "first_name": "",
    "middle_name": "",
    "last_name": "",
    "status": "active",
    "active": true,
    "updated_at": 1646873318,
    "created_at": 1646873318,
    "emails": [
      {
        "id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
        "verified": true,
        "email": "hello@streambird.io",
        "updated_at": 1646957196,
        "created_at": 1646873318
      },
      {
        "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
        "verified": false,
        "email": "sandbox@streambird.io",
        "updated_at": 1642703333,
        "created_at": 1642703333
      }
    ],
    "phone_numbers": [
      {
        "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
        "verified": false,
        "phone_number": "+14152222222",
        "updated_at": 1642703333,
        "created_at": 1642703333
      }
    ],
    "idp_providers": [
      {
        "id": "idpuser_28SRho5nbD045LGq2btZWXhkdjN",
        "provider": "google",
        "provider_subject": "100157402424066154830",
        "idp_type": "oauth",
        "method_id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
        "method_type": "email",
        "updated_at": 1651208121,
        "created_at": 1651208121
      }
    ],
    "wallets": [
      {
        "id": "wallet_26AjWu075gRWMnjfPglcdoD2PAQ",
        "public_address": "0x863c381a56a58370f435b0100faba94e6462b6d1",
        "wallet_type": "ETH",
        "verified": true,
        "is_default": true,
        "is_read_only": false,
        "is_imported": false,
        "updated_at": 1646873319,
        "created_at": 1646873319
      }
    ],
    "totps": [],
    "webauthn_credentials": []
  }
}

Delete User

DELETE /v1/auth/users/{user_id}/delete

Delete a user by ID.

HTTP Request

DELETE /v1/auth/users/{user_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Path parameters

  • user_id string Required

    Unique User ID of the user.

Responses

  • 200 object
    • message string Required

      Success message of the action.

    • user_id string Required

      Unique User ID of the deleted user.

DELETE /v1/auth/users/{user_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "message": "Successfully deleted user",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Email

DELETE /v1/auth/users/emails/{email_id}/delete

Delete an email from the associated user.

HTTP Request

DELETE /v1/auth/users/emails/{email_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses

  • 200 object
    • message string Required

      Success message of the action.

    • user_id string Required

      Unique User ID of the deleted user email.

DELETE /v1/auth/users/emails/{email_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/emails/{email_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "message": "Successfully deleted user email",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Phone Number

DELETE /v1/auth/users/phone_number/{phone_number_id}/delete

Delete a phone number from the associated user.

HTTP Request

DELETE /v1/auth/users/phone_numbers/{phone_number_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses

  • 200 object
    • message string Required

      Success message of the action.

    • user_id string Required

      Unique User ID of the deleted user phone number.

DELETE /v1/auth/users/phone_number/{phone_number_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/phone_number/{phone_number_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "message": "Successfully deleted user phone number",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Wallet

DELETE /v1/auth/users/wallets/{wallet_id}/delete

Delete a read only imported wallet attached to a user.

HTTP Request

DELETE /v1/auth/users/wallets/{wallet_id}/delete

Returns

A successful response returns an object with user_id property.

Responses

  • 200 object
    • message string Required

      Success message of the action.

    • user_id string Required

      Unique User ID of the deleted wallet.

DELETE /v1/auth/users/wallets/{wallet_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/wallets/{wallet_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user wallet"
}

Delete User WebAuthn Credential

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete

Delete a WebAuthn credential from the associated user.

HTTP Request

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete

Returns

A successful response returns an object with user_id property.

Responses

  • 200 object
    • message string Required

      Success message of the action.

    • user_id string Required

      Unique User ID associated with the deleted WebAuthn credential.

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user WebAuthn credential"
}

Delete User TOTP

DELETE /v1/auth/users/totps/{totp_id}/delete

Delete a TOTP attached to a user.

HTTP Request

DELETE /v1/auth/users/totps/{totp_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses

  • 200 object
    • message string Required

      Success message of the action.

    • user_id string Required

      Unique User ID of the deleted TOTP instance.

DELETE /v1/auth/users/totps/{totp_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/totps/{totp_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user totp"
}

Verify Token

POST /v1/auth/magic_links/verify

Verify the magic token of a magic link to authenticate the user. This endpoints verifies that the magic token sent in is valid and returns the method ID and verified user ID.

HTTP Request

POST /v1/auth/magic_links/verify

Returns

A successful response returns an object with method_id, method_type, and verified user_id properties. If session parameters are sent in, session_token, session_jwt and session will be included in the response.

Body

  • token string Required

    Required Magic Token in the Magic Link received by the User

  • Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

  • Optional Unique session token to verify.

  • Optional Unique Session JWT to verify.

Responses

POST /v1/auth/magic_links/verify
curl \
 -X POST https://api.streambird.io/v1/auth/magic_links/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"token":"CzJ1WTtyCF2wqhavQYiy9m7GayazthwamK4DKC07Ac6B2Fmn"}'
Request example
{
  "token": "CzJ1WTtyCF2wqhavQYiy9m7GayazthwamK4DKC07Ac6B2Fmn"
}
Response example (200)
{
  "method_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
  "method_type": "email",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}
Response example (400)
{
  "status_code": 400,
  "error_message": "Invalid magic link format, magic link missing or invalid.",
  "error_type": "invalid_magic_token"
}

Login or Create User by SMS

POST /v1/auth/otps/sms/login_or_create

Create an SMS OTP (one-time passcode) to the provided phone number for login verification. If no user account exists for the provided phone number, a new user will be created and OTP sent by SMS.

HTTP Request

POST /v1/auth/otps/sms/login_or_create

Returns

A successful response returns an object with user_id, user_created indicating if the user has been newly created, and phone_number_id properties.

Body

  • phone_number string Required

    E.164 formatted mobile phone number that uniquely identifies the user.

  • Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • User Agent of the browser originating the request.

Responses

POST /v1/auth/otps/sms/login_or_create
curl \
 -X POST https://api.streambird.io/v1/auth/otps/sms/login_or_create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"phone_number":"+14152222222","expires_in":3}'
Request example
{
  "phone_number": "+14152222222",
  "expires_in": 3
}
Response example (200)
{
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "user_created": false,
  "status": "pending",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Create SMS OTP

POST /v1/auth/otps/sms/send

Send an SMS OTP (one-time passcode) to the provided phone number for verification.

HTTP Request

POST /v1/auth/otps/sms/send

Returns

A successful response returns an object with user_id and phone_number_id properties.

Body

  • phone_number string Required

    E.164 formatted mobile phone number that uniquely identifies the user.

  • Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • User Agent of the browser originating the request.

Responses

POST /v1/auth/otps/sms/send
curl \
 -X POST https://api.streambird.io/v1/auth/otps/sms/send \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"phone_number":"+14152222222","expires_in":3}'
Request example
{
  "phone_number": "+14152222222",
  "expires_in": 3
}
Response example (200)
{
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Login or Create User by Email OTP

POST /v1/auth/otps/email/login_or_create

Create an OTP (one-time passcode) to the provided email for login verification. If no user account exists for the provided email, a new user will be created and email OTP sent.

HTTP Request

POST /v1/auth/otps/email/login_or_create

Returns

A successful response returns an object with user_id, user_created status indicating if the user has been newly created, and email_id properties.

Body

  • email string Required

    Email that uniquely identifies the user.

  • Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • User Agent of the browser originating the request.

Responses

POST /v1/auth/otps/email/login_or_create
curl \
 -X POST https://api.streambird.io/v1/auth/otps/email/login_or_create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"email":"sandbox@streambird.io","expires_in":3}'
Request example
{
  "email": "sandbox@streambird.io",
  "expires_in": 3
}
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "user_created": true,
  "status": "pending",
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7"
}

Create Email OTP

POST /v1/auth/otps/email/send

Send an OTP (one-time passcode) to the provided email for login verification.

HTTP Request

POST /v1/auth/otps/email/send

Returns

A successful response returns an object with user_id and email_id properties.

Body

  • email string Required

    Email that uniquely identifies the user.

  • Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • User Agent of the browser originating the request.

Responses

POST /v1/auth/otps/email/send
curl \
 -X POST https://api.streambird.io/v1/auth/otps/email/send \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"email":"sandbox@streambird.io","expires_in":3}'
Request example
{
  "email": "sandbox@streambird.io",
  "expires_in": 3
}
Response example (200)
{
  "email_id": "email_26l7dYo0JPFLGmWNv1vNwcYh0FF",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Verify OTP (One-time passcode)

POST /v1/auth/otps/verify

Verify an OTP (one-time passcode) against a method ID (email, phone number) to authenticate the user. This endpoints verifies that the OTP sent in is valid for the given method ID.

HTTP Request

POST /v1/auth/otps/verify

Returns

A successful response returns an object with method_id, method_type, and verified user_id properties.

Body

  • method_id string Required

    Method ID to verify the OTP against. This can either be the phone_number_id or email_id returned by the send or login or create endpoints.

  • otp string Required

    OTP received by the User.

  • Device fingerprinting metadata for fraud detection during OTP code verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • User Agent of the browser originating the request.

  • Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

  • Optional Unique session token to verify.

  • Optional Unique Session JWT to verify.

Responses

POST /v1/auth/otps/verify
curl \
 -X POST https://api.streambird.io/v1/auth/otps/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"method_id":"pn_24oXBLRv6BoHXbNZoTAZkAFlRsy","otp":"829994","session_expires_in":100,"device_fingerprint":{"ip":"123.2.1.1"}}'
Request example
{
  "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "otp": "829994",
  "session_expires_in": 100,
  "device_fingerprint": {
    "ip": "123.2.1.1"
  }
}
Response example (200)
{
  "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "method_type": "phone_number",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "session_token": "7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh",
  "session": {
    "id": "sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3",
    "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
    "session_token": "7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh",
    "started_at": 1643496805,
    "expires_at": 1643502805,
    "last_active_at": 1643496805,
    "factors": [
      {
        "delivery_channel": "sms",
        "type": "otp",
        "method": {
          "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "method_type": "phone_number",
          "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "phone_number": "+14152222222",
          "last_verified_at": 1643496805
        }
      }
    ],
    "device_fingerprint": {
      "user_agent": "",
      "ip": "123.2.1.1"
    },
    "updated_at": 1643496805,
    "created_at": 1643496805
  }
}

Google

GET /v1/auth/oauth/google/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Google. User will first sign in to their Google account, Google will then call the Streambird callback URL set during the setup process for Google provider. Once Streambird completes the OAuth flow with Google, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Google.

HTTP Request

GET /v1/auth/oauth/google/begin

Query String Example

/v1/auth/oauth/google/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters

  • public_token string Required

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses

GET /v1/auth/oauth/google/begin
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/google/begin?public_token=string
Response example (200)
{
  "redirect_url": "https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo"
}
Response example (302)
# Headers
Location: https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo

# Payload
{
  "redirect_url": "https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo"
}

Apple

GET /v1/auth/oauth/apple/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Apple. User will first sign in to their Apple account, Apple will then call the Streambird callback URL set during the setup process for Apple provider. Once Streambird completes the OAuth flow with Apple, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Apple.

HTTP Request

GET /v1/auth/oauth/apple/begin

Query String Example

/v1/auth/oauth/apple/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters

  • public_token string Required

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses

GET /v1/auth/oauth/apple/begin
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/apple/begin?public_token=string
Response example (200)
{
  "redirect_url": "https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM"
}
Response example (302)
# Headers
Location: https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM

# Payload
{
  "redirect_url": "https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM"
}

Microsoft

GET /v1/auth/oauth/microsoft/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Microsoft. User will first sign in to their Microsoft account, Microsoft will then call the Streambird callback URL set during the setup process for Microsoft provider. Once Streambird completes the OAuth flow with Microsoft, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Microsoft.

HTTP Request

GET /v1/auth/oauth/microsoft/begin

Query String Example

/v1/auth/oauth/microsoft/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters

  • public_token string Required

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses

GET /v1/auth/oauth/microsoft/begin
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/microsoft/begin?public_token=string
Response example (200)
{
  "redirect_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp"
}
Response example (302)
# Headers
Location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp

# Payload
{
  "redirect_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp"
}

Discord

GET /v1/auth/oauth/discord/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Discord. User will first sign in to their Discord account, Discord will then call the Streambird callback URL set during the setup process for Discord provider. Once Streambird completes the OAuth flow with Discord, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Discord.

HTTP Request

GET /v1/auth/oauth/discord/begin

Query String Example

/v1/auth/oauth/discord/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters

  • public_token string Required

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses

GET /v1/auth/oauth/discord/begin
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/discord/begin?public_token=string
Response example (200)
{
  "redirect_url": "https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084"
}
Response example (302)
# Headers
Location: https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084

# Payload
{
  "redirect_url": "https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084"
}

Github

GET /v1/auth/oauth/github/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Github. User will first sign in to their Github account, Github will then call the Streambird callback URL set during the setup process for Github provider. Once Streambird completes the OAuth flow with Github, we will redirect back to the login/signup redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Github.

HTTP Request

GET /v1/auth/oauth/github/begin

Query String Example

/v1/auth/oauth/github/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters

  • public_token string Required

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses

GET /v1/auth/oauth/github/begin
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/github/begin?public_token=string
Response example (200)
{
  "redirect_url": "https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1"
}
Response example (302)
# Headers
Location: https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1

# Payload
{
  "redirect_url": "https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1"
}

Verify Token

POST /v1/auth/oauth/verify

Verify an internal OAuth token redirected to your application upon the completion of the OAuth flow. This token is generated by Streambird and can be used to exchange for the authenticated user information and/or the original access_token and refresh_token of the idp providers that can be used directly with the external OAuth providers (e.g., Google, Apple, Microsoft, etc).

HTTP Request

POST /v1/auth/oauth/verify

Returns

A successful response returns user_id, idp_session property with data from the OAuth provider by default. Session object in session property if any of the session_token, session_jwt, or session_expires_in is valid.

Body

  • token string Required

    Required OAuthToken provided to the login/signup redirect url to authenticate the OAuth session and exchange user info and idp access_token and refresh_token.

  • Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in and no valid session_token or session_jwt included, it will be ignored and no Streambird session will be created by default.

  • Unique session token to verify.

  • Unique Session JWT to verify.

Responses

POST /v1/auth/oauth/verify
curl \
 -X POST https://api.streambird.io/v1/auth/oauth/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"token":"yRqkvNQVTwddlZV6D7S0ypSNpHlCbfYG4OAw3oUIVFFZ27UJ8R0xmRUQfNF59G9i"}'
Request example
{
  "token": "yRqkvNQVTwddlZV6D7S0ypSNpHlCbfYG4OAw3oUIVFFZ27UJ8R0xmRUQfNF59G9i"
}
Response example (200)
{
  "provider_subject": "100157402424066154830",
  "provider": "google",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "idp_session": {
    "idp": {
      "access_token": "ya29.A0ARrdaM9TnNfrdqDZmBIw7PBPjYf0HELFdxDCNC2cQRK7aqgsIfIusuCd0SJ5nx9dgGti2KU-rt_dIV7cpxasqpCpRq7VNyv-KsbC2-cn6j76p_wVmUwCKlWZ_3ZHx8WFdlIrLu-E1q3Ea_11zfmQCwuwgBMl",
      "refresh_token": "1//0d2jmQJmy0z17CgYIARAAGA0SNwF-L9IrF-jEvfwE-YNr_--Cqzu7MGnmtpLu0kklcFfgJzI2FSBib9_4wh1MAs4JKbAvue2XJoI"
    }
  },
  "session": null,
  "session_token": ""
}

Begin Wallet Registration

POST /v1/auth/wallets/registrations/begin

Initiates a wallet registration request for the specified user. This endpoint will return a challenge that must be signed by the private key of the wallet address you are registering against the user. Once verified, we will attach the wallet to the user specified.

HTTP Request

POST /v1/auth/wallets/registrations/begin

Returns

A successful response returns a WalletRegistration object.

Body

  • wallet_type string Required

    Determines the type of wallet to register. Possible values: ETH, SOL (more coming soon!).

  • public_address string Required

    Public wallet address of the wallet.

  • user_id string

    Unique user ID to associate the wallet with. If left blank/omitted and no user is previously attached to this wallet, we will create a user. Otherwise. we will return the user_id of attached to this wallet in the response.

Responses

POST /v1/auth/wallets/registrations/begin
curl \
 -X POST https://api.streambird.io/v1/auth/wallets/registrations/begin \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"wallet_type":"ETH","user_id":"user_24wFP9pDa9YiMJLun94iKykoZs2","public_address":"0xF7E9D631bfBd90C19691566Db4AB96697A2663C6"}'
Request example
{
  "wallet_type": "ETH",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "public_address": "0xF7E9D631bfBd90C19691566Db4AB96697A2663C6"
}
Response example (200)
{
  "id": "walletrr_24vOpv4TpCr2h7urXlV1rkwQPy7",
  "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "public_address": "0xf7e9d631bfbd90c19691566db4ab96697a2663c6",
  "wallet_type": "ETH",
  "challenge": "Login for My App: 5djrPeuvVwO8TAomZJCQ8uig9VeMb8eCxqgz9PIKrFY",
  "updated_at": 1644507779,
  "created_at": 1644507779
}

Verify Wallet (beta)

POST /v1/auth/wallets/verify

Verifies a wallet signature. This endpoint will verify the signature signed by the wallet private key using the challenge presented by the BeginWalletRegistration endpoint for the wallet address specified. If signature is valid, we will return the wallet object with its associated user ID. If the wallet is not previously attached the the user initiating the wallet registration, the wallet will be attached to the user.

HTTP Request

POST /v1/auth/wallets/verify

Returns

A successful response returns a Wallet object.

Body

  • wallet_type string Required

    Determines the type of wallet to register. Possible values: ETH, SOL (more coming soon!).

  • signature string Required

    Signed message using the associated private key of the wallet address. We expect ETH signed message to be base64 encoded (e.g. 0x...) and SOL signed message will be bs58 encoded.

  • public_address string Required

    Public wallet address of the wallet.

  • Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

  • Optional Unique session token to verify.

  • Optional Unique Session JWT to verify.

Responses

POST /v1/auth/wallets/verify
curl \
 -X POST https://api.streambird.io/v1/auth/wallets/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"wallet_type":"ETH","signature":"0xb27c94381c930151c4823fd4b7f0b45d700f0c9d30a7b98821413e07eef7604319a1dbc28dda881d0fc8d18b08aceeeb0fcdb80d6caec6f6e9901800c43894c31b","public_address":"0xF7E9D631bfBd90C19691566Db4AB96697A2663C6"}'
Request example
{
  "wallet_type": "ETH",
  "signature": "0xb27c94381c930151c4823fd4b7f0b45d700f0c9d30a7b98821413e07eef7604319a1dbc28dda881d0fc8d18b08aceeeb0fcdb80d6caec6f6e9901800c43894c31b",
  "public_address": "0xF7E9D631bfBd90C19691566Db4AB96697A2663C6"
}
Response example (200)
{
  "id": "wallet_24tdfcVDSJQpK5huDnZaqPP2aiI",
  "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "public_address": "0xf7e9d631bfbd90c19691566db4ab96697a2663c6",
  "wallet_type": "ETH",
  "is_default": false,
  "is_ready_only": true,
  "is_imported": true,
  "updated_at": 1644453920,
  "created_at": 1644453920
}

Create Wallet (beta)

POST /v1/wallets/create

Create a wallet for a given user. If an existing wallet of the given wallet type has been created for that user, it will be returned.

HTTP Request

POST /v1/auth/wallets/create

Returns

A successful response returns an Wallet object.

Body

  • wallet_type string Required

    Determines what type of wallet login. If the user does not have a default wallet of the same wallet_type, a new default wallet will be created for the user. Otherwise, the existing wallet of the same wallet type will be returned. Possible values: ETH, SOL, BTC, DOT, XLM (more wallets coming soon).

  • user_id string Required

    Required Unique User ID of the user to create a new wallet for.

POST /v1/wallets/create
curl \
 -X POST https://api.streambird.io/v1/wallets/create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"wallet_type":"ETH","user_id":"user_2Cu2uVhYy0OVgRcO913OsqIVaPI"}'
Request example
{
  "wallet_type": "ETH",
  "user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPI"
}
Response example (200)
{
  "id": "wallet_2Cu2uYcbwY9kcAFe2zd0P0SHftK",
  "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
  "user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPI",
  "public_address": "0xf1347fd847f19c250b4c9678ecaa27b0f6ce8804",
  "wallet_type": "ETH",
  "verified": true,
  "is_default": true,
  "is_read_only": false,
  "is_imported": false,
  "updated_at": 1659638371,
  "created_at": 1659638371
}

Get Wallet Balance (beta)

POST /v1/wallets/balance

Get wallet balance of a specific token/asset for a specific wallet.

HTTP Request

POST /v1/auth/wallets/balance

Returns

A successful response returns a balance property and a Wallet object.

Body

  • token_symbol string Required

    Token symbol of the asset to get balance for the specified wallet. Token symbol must be compatible with the wallet type of the specified wallet. For example, MATIC (Polygon) and ETH (Ethereum) will both be compatible with a wallet with wallet_type: "ETH" and not compatible with a wallet with wallet_type: "SOL". Possible values: ETH, SOL, AVAX, MATIC, USDC, USDT, LINK, DOT, XLM.

  • wallet_id string Required

    Unique wallet ID of the wallet to retrieve balance for.

POST /v1/wallets/balance
curl \
 -X POST https://api.streambird.io/v1/wallets/balance \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"token_symbol":"ETH","wallet_id":"wallet_2Cu7sm5dBTJA7DuVR0K3UtXsCRh"}'
Request example
{
  "token_symbol": "ETH",
  "wallet_id": "wallet_2Cu7sm5dBTJA7DuVR0K3UtXsCRh"
}
Response example (200)
{
  "balance": "14.8232",
  "token_symbol": "ETH",
  "wallet": {
    "id": "wallet_2Cu7sm5dBTJA7DuVR0K3UtXsCRh",
    "app_id": "app_25ldv51seNohTaYRsxdfoxMlAa2",
    "user_id": "user_2CablX3yylM1zISnst73dRCzCgw",
    "public_address": "0x9d6de42aee0ead08c3c2aec66bfe31adfcd411c4",
    "wallet_type": "ETH",
    "verified": true,
    "is_default": true,
    "is_read_only": false,
    "is_imported": false,
    "updated_at": 1659640824,
    "created_at": 1659640824
  }
}

Get Wallet (beta)

GET /v1/wallets/{wallet_id}

Get wallet using wallet ID.

HTTP Request

GET /v1/auth/wallets/{wallet_id}

Returns

A successful response returns a Wallet object.

GET /v1/wallets/{wallet_id}
curl \
 -X GET https://api.streambird.io/v1/wallets/{wallet_id} \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "id": "wallet_2DEtMc9niawvKOlEcbPh06IWp4Y",
  "app_id": "app_25ldv51seNohTaYRsxdfoxMlAa2",
  "user_id": "user_26l6ha8syVN8oqmaHaFShTxZ5RC",
  "public_address": "mvVHTdXktpvndv71QfU9AekTebBvgdZb1e",
  "wallet_type": "BTC",
  "verified": true,
  "is_default": true,
  "is_read_only": false,
  "is_imported": false,
  "updated_at": 1660276024,
  "created_at": 1660276024
}

List Wallet (beta)

GET /v1/wallets/list

List wallets within the app.

HTTP Request

GET /v1/auth/wallets/list

Query String Example

/v1/auth/wallets/list?user_id=user_26l6ha8syVN8oqmaHaFShTxZ5RC

Returns

A successful response returns list of Wallet objects.