Streambird Auth API
v1

Explore all the details of Streambird Auth API. All of our APIs are RESTful and accept and return JSON.

This is the documentation for version v1 of the API. Last update on Sep 26, 2022.

Base URL
https://api.streambird.io

Authentication

Authorization (http)

Auth Platform API includes all the Auth related features. All Users, Phone Numbers, Emails, and OTPs are associated with an App as the container.

Endpoints accept only the App's secret API key, except for certain client-side or SDK endpoints, which accept the public_token instead.

Authentication using App API Key

Header:

Authorization: Bearer {api_key}

Authenticated Request

curl \
  -X GET https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
  -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"

Create User

POST /v1/auth/users/create

Creates a user in an App that requires authentication. Each user will have a default wallet created for the wallet_type sent in.

HTTP Request

POST /v1/auth/users/create

Returns

A successful response returns a User object with email_id and phone_number_id properties.

Body
  • email string

    Required if phone_number not present. Email that uniquely identifies the user.

  • phone_number string

    Required if email not present. E.164 formatted mobile phone number that uniquely identifies the user.

  • first_name string

    First name of the user.

  • middle_name string

    Middle name of the user.

  • last_name string

    Last name of the user.

  • requires_verification boolean

    Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • wallet_type string

    Determines what type of wallet login. If the user does not have a default wallet of the same wallet_type, a new default wallet will be created for the user. If left blank, the default will be ETH. Possible values: ETH, SOL, BTC, DOT, XLM (more wallets coming soon).

  • include_user boolean

    Determines if the full user object should be returned. Defaults to false.

Responses
POST /v1/auth/users/create
curl \
 -X POST https://api.streambird.io/v1/auth/users/create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"first_name":"John","last_name":"Smith","email":"sandbox@streambird.io","phone_number":"+14152222222","requires_verification":true}'
Request example
{
  "first_name": "John",
  "last_name": "Smith",
  "email": "sandbox@streambird.io",
  "phone_number": "+14152222222",
  "requires_verification": true
}
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "status": "pending",
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy"
}

Search Users (beta)

POST /v1/auth/users/search

Search users within an App.

HTTP Request

POST /v1/auth/users/search

Returns

A successful response returns a list of User objects in users property and also pagination related properties.

Body
  • limit number

    Number of objects to return per response, must be between 10 and 100, defaults to 50.

  • starting_after string

    A cursor for use in pagination. starting_after is an object ID that defines your place in the search result when there are more results than fit into a single response. For instance, if you make a search request with limit of 100 objects, ending with user_123, your subsequent call can include starting_after: user_123 in order to fetch the next page of the search result.

  • filters object

    Filters object to apply to the search.

    • operator Required / string

      Required if filters property is present. Logical operator to apply on the fields. Possible values: AND, OR.

    • fields array[object]

      Optional List of field filter objects.

      At least 1 element.

      • field Required / string

        Field to filter the search by. Possible values:

        • user_id - Filter by the unique ID(s) of the user. Compatible with eq and in operators.
        • status - Filter by the status of the user, accepted values: active, pending. Compatible with eq and in operators.
        • full_name_match - Filter by the fuzzy match of the user's full name ({first_name} {last_name}). Compatible with eq operator.
        • phone_number - Filter by the associated phone number(s) of the user. Compatible with eq and in operators.
        • phone_number_id - Filter by the associated phone number ID(s) of the user. Compatible with eq and in operators.
        • phone_number_match - Filter by the fuzzy match of the user's phone number(s). Compatible with eq operator.
        • phone_number_verified - Filter by the verified flag of the user's associated phone number(s). Compatible with eq operator.
        • email - Filter by the email of the user. Compatible with eq and in operators.
        • email_id - Filter by the associated email ID(s) of the user. Compatible with eq and in operators.
        • email_verified - Filter by the verified flag of the user's associated email(s). Compatible with eq operator.
        • email_match - Filter by the fuzzy match of the user's email(s). Compatible with eq operator.
        • wallet_public_address - Filter by the wallet public address of the user. Compatible with eq and in operators.
        • wallet_id - Filter by the associated wallet ID(s) of the user. Compatible with eq and in operators.
        • totp_id - Filter by the associated totp instance ID(s) of the user. Compatible with eq and in operators.
        • totp_verified - Filter by the verified flag of the TOTP instance(s). Compatible with eq operator.
        • idp_provider - Filter by the associated IdP/OAuth provider(s) of the user. Compatible with eq and in operators.

        Values are user_id, status, full_name_match, phone_number, phone_number_id, phone_number_match, phone_number_verified, email, email_id, email_verified, email_match, wallet_public_address, wallet_id, totp_id, totp_verified, or idp_provider.

      • operator Required / string

        Required Filter operator to apply for the field. Possible values: eq (translates to equals or = in SQL), between (translates to >= value AND <= second_value in SQL), lt (translates to less than or < in SQL), gt (translates to greater than or > in SQL), in (translates to IN (value1, value2, ...) in SQL).

      • value string | number | integer | boolean

        Optional Value to filter by and to be used with operators eq, between, lt, and gt.

      • second_value string | number | integer | boolean

        Optional Value to filter by and to be used with between operator.

      • values array[string | number]

        Optional Values to filter by and to be used with in operator.

Responses
POST /v1/auth/users/search
curl \
 -X POST https://api.streambird.io/v1/auth/users/search \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"limit":100,"filters":{"operator":"OR","fields":[{"field":"phone_number_match","operator":"eq","value":"2222222"}]}}'
Request example
{
  "limit": 100,
  "filters": {
    "operator": "OR",
    "fields": [
      {
        "field": "phone_number_match",
        "operator": "eq",
        "value": "2222222"
      }
    ]
  }
}
Response example (200)
{
  "users": [
    {
      "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
      "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
      "first_name": "John",
      "middle_name": "",
      "last_name": "Smith",
      "active": true,
      "updated_at": 1639873806,
      "created_at": 1639873806,
      "emails": [
        {
          "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
          "verified": false,
          "email": "sandbox@streambird.io",
          "updated_at": 1639873806,
          "created_at": 1639873806
        }
      ],
      "phone_numbers": [
        {
          "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "verified": true,
          "phone_number": "+14152222222",
          "updated_at": 1643004687,
          "created_at": 1639873806
        }
      ],
      "wallets": [
        {
          "id": "wallet_24tdfcVDSJQpK5huDnZaqPP2aiI",
          "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
          "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
          "public_address": "0xd3EfC42956c546Cf27B5f18062c63B4BF6d72D7c",
          "wallet_type": "ETH",
          "is_default": true,
          "updated_at": 1640133104,
          "created_at": 1640133104
        }
      ],
      "totps": [
        {
          "id": "totp_284EPXPYI5zZoh4pp2mpAQ2PnuY",
          "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
          "verified": false,
          "updated_at": 1650467433,
          "created_at": 1650467433
        }
      ]
    }
  ],
  "total_count": 10,
  "has_more": false
}
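
An added example (not part of the Streambird documentation or SDK): a Python helper that builds the search body from the field and operator table above, rejects pairs the table does not list, and pages through results with starting_after until has_more is false. It generalizes the single-filter request shown above; the post callable, the helper names and the constructed make_fake_post stand-in are assumptions.

```python
# Fields and the operators the reference above lists as compatible with them.
EQ_ONLY = {"full_name_match", "phone_number_match", "phone_number_verified",
           "email_verified", "email_match", "totp_verified"}
EQ_OR_IN = {"user_id", "status", "phone_number", "phone_number_id", "email",
            "email_id", "wallet_public_address", "wallet_id", "totp_id",
            "idp_provider"}


def field_filter(field, operator, value=None, values=None):
    """Build one entry of filters.fields; refuse field/operator pairs the table does not list."""
    if field in EQ_ONLY:
        allowed = {"eq"}
    elif field in EQ_OR_IN:
        allowed = {"eq", "in"}
    else:
        raise ValueError(f"unknown search field: {field!r}")
    # between/lt/gt exist as operators, but no listed field names them as compatible.
    if operator not in allowed:
        raise ValueError(f"{field} is not compatible with operator {operator!r}")
    if operator == "in":
        if not values:
            raise ValueError("'in' needs a non-empty values list")
        return {"field": field, "operator": "in", "values": list(values)}
    if value is None:
        raise ValueError("'eq' needs a value")
    return {"field": field, "operator": "eq", "value": value}


def search_body(fields, logical="AND", limit=50, starting_after=None):
    """Assemble the request body, enforcing the documented limit range and logical operators."""
    if not 10 <= limit <= 100:
        raise ValueError("limit must be between 10 and 100")
    if logical not in ("AND", "OR"):
        raise ValueError("filters.operator must be AND or OR")
    if not fields:
        raise ValueError("filters.fields needs at least 1 element")
    body = {"limit": limit,
            "filters": {"operator": logical, "fields": list(fields)}}
    if starting_after:
        body["starting_after"] = starting_after
    return body


def search_all(post, fields, logical="AND", limit=50, max_pages=100):
    """Collect every page. post(path, body) -> dict is the caller's own
    authenticated HTTP function (hypothetical, supplied by the caller)."""
    users, cursor = [], None
    for _ in range(max_pages):  # hard stop so a bad cursor cannot loop forever
        page = post("/v1/auth/users/search",
                    search_body(fields, logical, limit, cursor))
        batch = page.get("users", [])
        users.extend(batch)
        if not page.get("has_more") or not batch:
            return users
        cursor = batch[-1]["user_id"]  # last object ID of this page
    raise RuntimeError("pagination did not terminate")


def make_fake_post(all_ids):
    """Constructed offline stand-in for the API; records each request body."""
    calls = []

    def post(path, body):
        calls.append(body)
        start = 0
        if "starting_after" in body:
            start = all_ids.index(body["starting_after"]) + 1
        chunk = all_ids[start:start + body["limit"]]
        return {"users": [{"user_id": u} for u in chunk],
                "total_count": len(all_ids),
                "has_more": start + body["limit"] < len(all_ids)}

    return post, calls


if __name__ == "__main__":
    ids = [f"user_{i:03d}" for i in range(25)]  # constructed sample IDs
    post, calls = make_fake_post(ids)
    found = search_all(post, [field_filter("status", "eq", "active")], limit=10)
    print(len(found), "users in", len(calls), "requests")
```

Validating the field and operator before the request keeps user-supplied search input from reaching the API as an arbitrary filter.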

Get User

GET /v1/auth/users/{user_id}

Get a user with their various properties like emails, phone_numbers, and other attached identifiers.

HTTP Request

GET /v1/auth/users/{user_id}

Returns

A successful response returns a User object with linked identifiers such as emails, phone numbers in their corresponding properties.

Path parameters
  • user_id Required / string

    Unique User ID of the user.

Responses
GET /v1/auth/users/{user_id}
curl \
 -X GET https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "first_name": "",
  "middle_name": "",
  "last_name": "",
  "status": "active",
  "active": true,
  "updated_at": 1646873318,
  "created_at": 1646873318,
  "emails": [
    {
      "id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
      "verified": true,
      "email": "hello@streambird.io",
      "updated_at": 1646957196,
      "created_at": 1646873318
    },
    {
      "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
      "verified": false,
      "email": "sandbox@streambird.io",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "phone_numbers": [
    {
      "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
      "verified": false,
      "phone_number": "+14152222222",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "idp_providers": [
    {
      "id": "idpuser_28SRho5nbD045LGq2btZWXhkdjN",
      "provider": "google",
      "provider_subject": "100157402424066154830",
      "idp_type": "oauth",
      "method_id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
      "method_type": "email",
      "updated_at": 1651208121,
      "created_at": 1651208121
    }
  ],
  "wallets": [
    {
      "id": "wallet_26AjWu075gRWMnjfPglcdoD2PAQ",
      "public_address": "0x863c381a56a58370f435b0100faba94e6462b6d1",
      "wallet_type": "ETH",
      "verified": true,
      "is_default": true,
      "is_read_only": false,
      "is_imported": false,
      "updated_at": 1646873319,
      "created_at": 1646873319
    }
  ],
  "totps": [],
  "webauthn_credentials": []
}

Update User

PUT /v1/auth/users/{user_id}/update

Update a user by ID.

HTTP Request

PUT /v1/auth/users/{user_id}/update

Returns

A successful response returns a User object in the user property, with linked emails and phone numbers in the emails and phone_numbers properties.

Body
  • first_name string

    First name of the user.

  • middle_name string

    Middle name of the user.

  • last_name string

    Last name of the user.

  • emails array[object]

    List of Emails to attach to the user.

    At least 1 element.

    • email Required / string

      Email that uniquely identifies the user.

  • phone_numbers array[object]

    List of E.164 formatted mobile phone numbers to attach to the user.

    At least 1 element.

    • phone_number Required / string

      E.164 formatted mobile phone number that uniquely identifies the user.

Responses
PUT /v1/auth/users/{user_id}/update
curl \
 -X PUT https://api.streambird.io/v1/auth/users/{user_id}/update \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"first_name":"John","middle_name":"","last_name":"Smith","emails":[{"email":"sandbox@streambird.io"}],"phone_numbers":[{"phone_number":"+14152222222"}]}'
Request example
{
  "first_name": "John",
  "middle_name": "",
  "last_name": "Smith",
  "emails": [
    {
      "email": "sandbox@streambird.io"
    }
  ],
  "phone_numbers": [
    {
      "phone_number": "+14152222222"
    }
  ]
}
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "phone_numbers": [
    {
      "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
      "verified": false,
      "phone_number": "+14152222222",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "emails": [
    {
      "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
      "verified": false,
      "email": "sandbox@streambird.io",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "user": {
    "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
    "first_name": "",
    "middle_name": "",
    "last_name": "",
    "status": "active",
    "active": true,
    "updated_at": 1646873318,
    "created_at": 1646873318,
    "emails": [
      {
        "id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
        "verified": true,
        "email": "hello@streambird.io",
        "updated_at": 1646957196,
        "created_at": 1646873318
      },
      {
        "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
        "verified": false,
        "email": "sandbox@streambird.io",
        "updated_at": 1642703333,
        "created_at": 1642703333
      }
    ],
    "phone_numbers": [
      {
        "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
        "verified": false,
        "phone_number": "+14152222222",
        "updated_at": 1642703333,
        "created_at": 1642703333
      }
    ],
    "idp_providers": [
      {
        "id": "idpuser_28SRho5nbD045LGq2btZWXhkdjN",
        "provider": "google",
        "provider_subject": "100157402424066154830",
        "idp_type": "oauth",
        "method_id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
        "method_type": "email",
        "updated_at": 1651208121,
        "created_at": 1651208121
      }
    ],
    "wallets": [
      {
        "id": "wallet_26AjWu075gRWMnjfPglcdoD2PAQ",
        "public_address": "0x863c381a56a58370f435b0100faba94e6462b6d1",
        "wallet_type": "ETH",
        "verified": true,
        "is_default": true,
        "is_read_only": false,
        "is_imported": false,
        "updated_at": 1646873319,
        "created_at": 1646873319
      }
    ],
    "totps": [],
    "webauthn_credentials": []
  }
}

Delete User

DELETE /v1/auth/users/{user_id}/delete

Delete a user by ID.

HTTP Request

DELETE /v1/auth/users/{user_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Path parameters
  • user_id Required / string

    Unique User ID of the user.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted user.

DELETE /v1/auth/users/{user_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "message": "Successfully deleted user",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Email

DELETE /v1/auth/users/emails/{email_id}/delete

Delete an email from the associated user.

HTTP Request

DELETE /v1/auth/users/emails/{email_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted user email.

DELETE /v1/auth/users/emails/{email_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/emails/{email_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "message": "Successfully deleted user email",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Phone Number

DELETE /v1/auth/users/phone_number/{phone_number_id}/delete

Delete a phone number from the associated user.

HTTP Request

DELETE /v1/auth/users/phone_numbers/{phone_number_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted user phone number.

DELETE /v1/auth/users/phone_number/{phone_number_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/phone_number/{phone_number_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "message": "Successfully deleted user phone number",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Wallet

DELETE /v1/auth/users/wallets/{wallet_id}/delete

Delete a read only imported wallet attached to a user.

HTTP Request

DELETE /v1/auth/users/wallets/{wallet_id}/delete

Returns

A successful response returns an object with user_id property.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted wallet.

DELETE /v1/auth/users/wallets/{wallet_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/wallets/{wallet_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user wallet"
}

Delete User WebAuthn Credential

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete

Delete a WebAuthn credential from the associated user.

HTTP Request

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete

Returns

A successful response returns an object with user_id property.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID associated with the deleted WebAuthn credential.

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user WebAuthn credential"
}

Delete User TOTP

DELETE /v1/auth/users/totps/{totp_id}/delete

Delete a TOTP attached to a user.

HTTP Request

DELETE /v1/auth/users/totps/{totp_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted TOTP instance.

DELETE /v1/auth/users/totps/{totp_id}/delete
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/totps/{totp_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user totp"
}

Verify Token

POST /v1/auth/magic_links/verify

Verify the magic token of a magic link to authenticate the user. This endpoint verifies that the magic token sent in is valid and returns the method ID and verified user ID.

HTTP Request

POST /v1/auth/magic_links/verify

Returns

A successful response returns an object with method_id, method_type, and verified user_id properties. If session parameters are sent in, session_token, session_jwt and session will be included in the response.

Body
  • token Required / string

    Required Magic Token in the Magic Link received by the User

  • session_expires_in number

    Optional Extend the session expiration time to N minutes from now, must be between 5 and 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

  • session_token string

    Optional Unique session token to verify.

  • session_jwt string

    Optional Unique Session JWT to verify.

Responses
POST /v1/auth/magic_links/verify
curl \
 -X POST https://api.streambird.io/v1/auth/magic_links/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"token":"CzJ1WTtyCF2wqhavQYiy9m7GayazthwamK4DKC07Ac6B2Fmn"}'
Request example
{
  "token": "CzJ1WTtyCF2wqhavQYiy9m7GayazthwamK4DKC07Ac6B2Fmn"
}
Response example (200)
{
  "method_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
  "method_type": "email",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}
Response example (400)
{
  "status_code": 400,
  "error_message": "Invalid magic link format, magic link missing or invalid.",
  "error_type": "invalid_magic_token"
}

Login or Create User by SMS

POST /v1/auth/otps/sms/login_or_create

Create an SMS OTP (one-time passcode) to the provided phone number for login verification. If no user account exists for the provided phone number, a new user will be created and OTP sent by SMS.

HTTP Request

POST /v1/auth/otps/sms/login_or_create

Returns

A successful response returns an object with user_id, user_created indicating if the user has been newly created, and phone_number_id properties.

Body
  • phone_number Required / string

    E.164 formatted mobile phone number that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • requires_verification boolean

    Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/sms/login_or_create
curl \
 -X POST https://api.streambird.io/v1/auth/otps/sms/login_or_create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"phone_number":"+14152222222","expires_in":3}'
Request example
{
  "phone_number": "+14152222222",
  "expires_in": 3
}
Response example (200)
{
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "user_created": false,
  "status": "pending",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Create SMS OTP

POST /v1/auth/otps/sms/send

Send an SMS OTP (one-time passcode) to the provided phone number for verification.

HTTP Request

POST /v1/auth/otps/sms/send

Returns

A successful response returns an object with user_id and phone_number_id properties.

Body
  • phone_number Required / string

    E.164 formatted mobile phone number that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/sms/send
curl \
 -X POST https://api.streambird.io/v1/auth/otps/sms/send \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"phone_number":"+14152222222","expires_in":3}'
Request example
{
  "phone_number": "+14152222222",
  "expires_in": 3
}
Response example (200)
{
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Login or Create User by Email OTP

POST /v1/auth/otps/email/login_or_create

Create an OTP (one-time passcode) to the provided email for login verification. If no user account exists for the provided email, a new user will be created and email OTP sent.

HTTP Request

POST /v1/auth/otps/email/login_or_create

Returns

A successful response returns an object with user_id, user_created status indicating if the user has been newly created, and email_id properties.

Body
  • email Required / string

    Email that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • requires_verification boolean

    Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/email/login_or_create
curl \
 -X POST https://api.streambird.io/v1/auth/otps/email/login_or_create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"email":"sandbox@streambird.io","expires_in":3}'
Request example
{
  "email": "sandbox@streambird.io",
  "expires_in": 3
}
Response example (200)
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "user_created": true,
  "status": "pending",
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7"
}

Create Email OTP

POST /v1/auth/otps/email/send

Send an OTP (one-time passcode) to the provided email for login verification.

HTTP Request

POST /v1/auth/otps/email/send

Returns

A successful response returns an object with user_id and email_id properties.

Body
  • email Required / string

    Email that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/email/send
curl \
 -X POST https://api.streambird.io/v1/auth/otps/email/send \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"email":"sandbox@streambird.io","expires_in":3}'
Request example
{
  "email": "sandbox@streambird.io",
  "expires_in": 3
}
Response example (200)
{
  "email_id": "email_26l7dYo0JPFLGmWNv1vNwcYh0FF",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Verify OTP (One-time passcode)

POST /v1/auth/otps/verify

Verify an OTP (one-time passcode) against a method ID (email, phone number) to authenticate the user. This endpoint verifies that the OTP sent in is valid for the given method ID.

HTTP Request

POST /v1/auth/otps/verify

Returns

A successful response returns an object with method_id, method_type, and verified user_id properties.

Body
  • method_id Required / string

    Method ID to verify the OTP against. This can either be the phone_number_id or email_id returned by the send or login or create endpoints.

  • otp Required / string

    OTP received by the User.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during OTP code verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

  • session_expires_in number

    Optional Extend the session expiration time to N minutes from now, must be between 5 and 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

  • session_token string

    Optional Unique session token to verify.

  • session_jwt string

    Optional Unique Session JWT to verify.

Responses
POST /v1/auth/otps/verify
curl \
 -X POST https://api.streambird.io/v1/auth/otps/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"method_id":"pn_24oXBLRv6BoHXbNZoTAZkAFlRsy","otp":"829994","session_expires_in":100,"device_fingerprint":{"ip":"123.2.1.1"}}'
Request example
{
  "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "otp": "829994",
  "session_expires_in": 100,
  "device_fingerprint": {
    "ip": "123.2.1.1"
  }
}
Response example (200)
{
  "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "method_type": "phone_number",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "session_token": "7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh",
  "session": {
    "id": "sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3",
    "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
    "session_token": "7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh",
    "started_at": 1643496805,
    "expires_at": 1643502805,
    "last_active_at": 1643496805,
    "factors": [
      {
        "delivery_channel": "sms",
        "type": "otp",
        "method": {
          "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "method_type": "phone_number",
          "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "phone_number": "+14152222222",
          "last_verified_at": 1643496805
        }
      }
    ],
    "device_fingerprint": {
      "user_agent": "",
      "ip": "123.2.1.1"
    },
    "updated_at": 1643496805,
    "created_at": 1643496805
  }
}
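
An added example (not Streambird's own code) of the two-step OTP login from a backend: send the passcode with a device_fingerprint built from what the server observed, then accept the verify response only if it refers to the same method_id and user_id recorded at send time. The post callable, the helper names and fake_post with its IDs are constructed assumptions; so is the idea that the send endpoints take the fingerprint under the same device_fingerprint key the verify example uses.

```python
import time

SEND_PATH = {"sms": "/v1/auth/otps/sms/login_or_create",
             "email": "/v1/auth/otps/email/login_or_create"}
# (request key, ID key in the response) per channel, as in the examples above.
ID_FIELD = {"sms": ("phone_number", "phone_number_id"),
            "email": ("email", "email_id")}


def fingerprint(remote_addr, headers):
    """Build device_fingerprint from values the server saw on the connection,
    never from fields the client put in the request body."""
    return {"ip": remote_addr, "user_agent": headers.get("User-Agent", "")}


def start_login(post, channel, identifier, fp, expires_in=1):
    """Send the OTP; return the record to keep server-side until verification."""
    if not 1 <= expires_in <= 10:
        raise ValueError("expires_in must be between 1 and 10 minutes")
    req_key, id_key = ID_FIELD[channel]
    resp = post(SEND_PATH[channel],
                {req_key: identifier, "expires_in": expires_in,
                 "device_fingerprint": fp})
    return {"method_id": resp[id_key], "user_id": resp["user_id"]}


def finish_login(post, pending, otp, fp, session_minutes=None, now=None):
    """Verify the OTP and fail closed unless the response matches `pending`."""
    body = {"method_id": pending["method_id"], "otp": otp,
            "device_fingerprint": fp}
    if session_minutes is not None:
        if not 5 <= session_minutes <= 525600:
            raise ValueError("session_expires_in must be between 5 and 525600")
        body["session_expires_in"] = session_minutes
    resp = post("/v1/auth/otps/verify", body)
    # An error body has no method_id/user_id, so it is rejected here as well.
    if (resp.get("method_id") != pending["method_id"]
            or resp.get("user_id") != pending["user_id"]):
        raise PermissionError("verify response does not match the pending login")
    if session_minutes is not None:
        now = time.time() if now is None else now
        session = resp.get("session") or {}
        if (session.get("user_id") != pending["user_id"]
                or session.get("expires_at", 0) <= now):
            raise PermissionError("session missing, expired or for another user")
    return resp


def fake_post(path, body):
    """Constructed stand-in for the API, shaped like the response examples above.
    Only the SMS channel is modelled; '000000' is the only accepted passcode."""
    if path == SEND_PATH["sms"]:
        return {"phone_number_id": "pn_CONSTRUCTED1", "user_created": False,
                "status": "pending", "user_id": "user_CONSTRUCTED1"}
    if body["otp"] != "000000":
        return {"status_code": 400}
    resp = {"method_id": body["method_id"], "method_type": "phone_number",
            "user_id": "user_CONSTRUCTED1"}
    if "session_expires_in" in body:
        resp["session_token"] = "constructed-session-token"
        resp["session"] = {"user_id": "user_CONSTRUCTED1",
                           "expires_at": 1643502805,
                           "device_fingerprint": body["device_fingerprint"]}
    return resp


if __name__ == "__main__":
    fp = fingerprint("203.0.113.7", {"User-Agent": "ExampleBrowser/1.0"})
    pending = start_login(fake_post, "sms", "+14152222222", fp, expires_in=3)
    result = finish_login(fake_post, pending, "000000", fp,
                          session_minutes=100, now=1643496805)
    print("verified", result["user_id"])
```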

Google

GET /v1/auth/oauth/google/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Google. User will first sign in to their Google account, Google will then call the Streambird callback URL set during the setup process for Google provider. Once Streambird completes the OAuth flow with Google, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Google.

HTTP Request

GET /v1/auth/oauth/google/begin

Query String Example

/v1/auth/oauth/google/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required. Public token of the App. The public token can be exposed in the frontend and client-side SDKs.

  • redirect boolean

    Optional. Determines whether the response is a 302 automatic redirect instead of a 200 status code with the redirect_url in the JSON body.

  • Optional. If an existing user is found, this URL is used for the redirect upon completion of the OAuth flow.

  • Optional. If a new user is created, this URL is used for the redirect upon completion of the OAuth flow.

Responses
GET /v1/auth/oauth/google/begin
curl \
 -X GET "https://api.streambird.io/v1/auth/oauth/google/begin?public_token=string"
Response example (200)
{
  "redirect_url": "https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo"
}
Response example (302)
# Headers
Location: https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo

# Payload
{
  "redirect_url": "https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo"
}

Apple

GET /v1/auth/oauth/apple/begin

Client-side public endpoint that generates a redirect_url for the OAuth provider, directing the user to sign in via Apple. The user first signs in to their Apple account; Apple then calls the Streambird callback URL set during the setup process for the Apple provider. Once Streambird completes the OAuth flow with Apple, we redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then verify this token with our VerifyOAuthToken endpoint to retrieve the authenticated user and, optionally, the original access_token and refresh_token from Apple.

HTTP Request

GET /v1/auth/oauth/apple/begin

Query String Example

/v1/auth/oauth/apple/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required. Public token of the App. The public token can be exposed in the frontend and client-side SDKs.

  • redirect boolean

    Optional. Determines whether the response is a 302 automatic redirect instead of a 200 status code with the redirect_url in the JSON body.

  • Optional. If an existing user is found, this URL is used for the redirect upon completion of the OAuth flow.

  • Optional. If a new user is created, this URL is used for the redirect upon completion of the OAuth flow.

Responses
GET /v1/auth/oauth/apple/begin
curl \
 -X GET "https://api.streambird.io/v1/auth/oauth/apple/begin?public_token=string"
Response example (200)
{
  "redirect_url": "https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM"
}
Response example (302)
# Headers
Location: https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM

# Payload
{
  "redirect_url": "https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM"
}

Microsoft

GET /v1/auth/oauth/microsoft/begin

Client-side public endpoint that generates a redirect_url for the OAuth provider, directing the user to sign in via Microsoft. The user first signs in to their Microsoft account; Microsoft then calls the Streambird callback URL set during the setup process for the Microsoft provider. Once Streambird completes the OAuth flow with Microsoft, we redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then verify this token with our VerifyOAuthToken endpoint to retrieve the authenticated user and, optionally, the original access_token and refresh_token from Microsoft.

HTTP Request

GET /v1/auth/oauth/microsoft/begin

Query String Example

/v1/auth/oauth/microsoft/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required. Public token of the App. The public token can be exposed in the frontend and client-side SDKs.

  • redirect boolean

    Optional. Determines whether the response is a 302 automatic redirect instead of a 200 status code with the redirect_url in the JSON body.

  • Optional. If an existing user is found, this URL is used for the redirect upon completion of the OAuth flow.

  • Optional. If a new user is created, this URL is used for the redirect upon completion of the OAuth flow.

Responses
GET /v1/auth/oauth/microsoft/begin
curl \
 -X GET "https://api.streambird.io/v1/auth/oauth/microsoft/begin?public_token=string"
Response example (200)
{
  "redirect_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp"
}
Response example (302)
# Headers
Location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp

# Payload
{
  "redirect_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp"
}

Discord

GET /v1/auth/oauth/discord/begin

Client-side public endpoint that generates a redirect_url for the OAuth provider, directing the user to sign in via Discord. The user first signs in to their Discord account; Discord then calls the Streambird callback URL set during the setup process for the Discord provider. Once Streambird completes the OAuth flow with Discord, we redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then verify this token with our VerifyOAuthToken endpoint to retrieve the authenticated user and, optionally, the original access_token and refresh_token from Discord.

HTTP Request

GET /v1/auth/oauth/discord/begin

Query String Example

/v1/auth/oauth/discord/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required. Public token of the App. The public token can be exposed in the frontend and client-side SDKs.

  • redirect boolean

    Optional. Determines whether the response is a 302 automatic redirect instead of a 200 status code with the redirect_url in the JSON body.

  • Optional. If an existing user is found, this URL is used for the redirect upon completion of the OAuth flow.

  • Optional. If a new user is created, this URL is used for the redirect upon completion of the OAuth flow.

Responses
GET /v1/auth/oauth/discord/begin
curl \
 -X GET "https://api.streambird.io/v1/auth/oauth/discord/begin?public_token=string"
Response example (200)
{
  "redirect_url": "https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084"
}
Response example (302)
# Headers
Location: https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084

# Payload
{
  "redirect_url": "https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084"
}

GitHub

GET /v1/auth/oauth/github/begin

Client-side public endpoint that generates a redirect_url for the OAuth provider, directing the user to sign in via GitHub. The user first signs in to their GitHub account; GitHub then calls the Streambird callback URL set during the setup process for the GitHub provider. Once Streambird completes the OAuth flow with GitHub, we redirect back to the login/signup redirect URLs set for your App with an internal token for this session. You can then verify this token with our VerifyOAuthToken endpoint to retrieve the authenticated user and, optionally, the original access_token and refresh_token from GitHub.

HTTP Request

GET /v1/auth/oauth/github/begin

Query String Example

/v1/auth/oauth/github/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required. Public token of the App. The public token can be exposed in the frontend and client-side SDKs.

  • redirect boolean

    Optional. Determines whether the response is a 302 automatic redirect instead of a 200 status code with the redirect_url in the JSON body.

  • Optional. If an existing user is found, this URL is used for the redirect upon completion of the OAuth flow.

  • Optional. If a new user is created, this URL is used for the redirect upon completion of the OAuth flow.

Responses
GET /v1/auth/oauth/github/begin
curl \
 -X GET "https://api.streambird.io/v1/auth/oauth/github/begin?public_token=string"
Response example (200)
{
  "redirect_url": "https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1"
}
Response example (302)
# Headers
Location: https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1

# Payload
{
  "redirect_url": "https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1"
}

Verify Token

POST /v1/auth/oauth/verify

Verify an internal OAuth token redirected to your application upon the completion of the OAuth flow. This token is generated by Streambird and can be exchanged for the authenticated user information and/or the original access_token and refresh_token of the IdP, which can be used directly with the external OAuth providers (e.g., Google, Apple, Microsoft, etc.).

HTTP Request

POST /v1/auth/oauth/verify

Returns

A successful response returns the user_id and, by default, an idp_session property with data from the OAuth provider. A Session object is returned in the session property if any of session_token, session_jwt, or session_expires_in is valid.

Body
  • token Required / string

    Required. OAuthToken provided to the login/signup redirect URL, used to authenticate the OAuth session and exchange it for user info and the IdP access_token and refresh_token.

  • session_expires_in

    Extend the session expiration time to N minutes from now; must be between 5 and 525600 minutes (365 days). If there is no existing session, this parameter creates a new session along with a session_token and session_jwt. If a valid session_token or session_jwt is sent in, it extends that session by the minutes specified. If it is not sent in and no valid session_token or session_jwt is included, it is ignored and no Streambird session is created by default.

  • session_token string

    Unique session token to verify.

  • session_jwt string

    Unique Session JWT to verify.

Responses
POST /v1/auth/oauth/verify
curl \
 -X POST https://api.streambird.io/v1/auth/oauth/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"token":"yRqkvNQVTwddlZV6D7S0ypSNpHlCbfYG4OAw3oUIVFFZ27UJ8R0xmRUQfNF59G9i"}'
Request example
{
  "token": "yRqkvNQVTwddlZV6D7S0ypSNpHlCbfYG4OAw3oUIVFFZ27UJ8R0xmRUQfNF59G9i"
}
Response example (200)
{
  "provider_subject": "100157402424066154830",
  "provider": "google",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "idp_session": {
    "idp": {
      "access_token": "ya29.A0ARrdaM9TnNfrdqDZmBIw7PBPjYf0HELFdxDCNC2cQRK7aqgsIfIusuCd0SJ5nx9dgGti2KU-rt_dIV7cpxasqpCpRq7VNyv-KsbC2-cn6j76p_wVmUwCKlWZ_3ZHx8WFdlIrLu-E1q3Ea_11zfmQCwuwgBMl",
      "refresh_token": "1//0d2jmQJmy0z17CgYIARAAGA0SNwF-L9IrF-jEvfwE-YNr_--Cqzu7MGnmtpLu0kklcFfgJzI2FSBib9_4wh1MAs4JKbAvue2XJoI"
    }
  },
  "session": null,
  "session_token": ""
}
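
Added example (not Streambird's code) covering the begin and verify steps described above: it builds a percent-encoded begin URL, checks a returned redirect_url before the browser follows it, builds the server-side verify request without sending it, and strips the IdP tokens from the verify response before anything reaches the client. The helper names, the "pk_" prefix check and the "<provider>-" state prefix are assumptions read off this page's sample values.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

API_BASE = "https://api.streambird.io"
# Authorization hosts as they appear in this page's response examples.
PROVIDER_HOSTS = {
    "google": "accounts.google.com",
    "apple": "appleid.apple.com",
    "microsoft": "login.microsoftonline.com",
    "discord": "discord.com",
    "github": "github.com",
}


def begin_url(provider, public_token, login_redirect_url=None, redirect=False):
    """Build the client-side begin URL with every parameter percent-encoded."""
    if provider not in PROVIDER_HOSTS:
        raise ValueError("unknown provider")
    # Assumption from the page's samples: public tokens start with "pk_".
    if not public_token.startswith("pk_"):
        raise ValueError("begin takes the public token, not the secret API key")
    params = {"public_token": public_token}
    if redirect:
        params["redirect"] = "true"
    if login_redirect_url:
        params["login_redirect_url"] = login_redirect_url
    return f"{API_BASE}/v1/auth/oauth/{provider}/begin?{urlencode(params)}"


def check_redirect_url(provider, redirect_url):
    """Validate a returned redirect_url before navigating; return its state."""
    parts = urlsplit(redirect_url)
    query = parse_qs(parts.query)
    if parts.scheme != "https" or parts.hostname != PROVIDER_HOSTS[provider]:
        raise ValueError("redirect_url is not the provider's authorization host")
    if query.get("response_type") != ["code"]:
        raise ValueError("expected the authorization code flow")
    # Assumption from the samples: state is "<provider>-<random string>".
    state = query.get("state", [""])[0]
    if not state.startswith(provider + "-"):
        raise ValueError("state does not belong to this provider")
    return state


def verify_request(oauth_token, secret_api_key):
    """Server-side exchange of the internal token (built here, not sent)."""
    return Request(
        f"{API_BASE}/v1/auth/oauth/verify",
        data=json.dumps({"token": oauth_token}).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {secret_api_key}",
                 "Content-Type": "application/json"},
    )


def client_safe_view(verify_response):
    """Keep identity fields; drop idp tokens before replying to the browser."""
    return {k: verify_response.get(k)
            for k in ("provider", "provider_subject", "user_id")}
```
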

GetJWKs

GET /v1/auth/jwks/default

Get JWK Set using a publishable PublicToken or secret ApiKey. It serves as a wrapper on top of GetJWKsByApp and infers the app_id from the api key used.

HTTP Request

GET /v1/auth/jwks/default

Returns

A successful response returns a JWK Set object.

Responses
  • 200 object
    • keys Required / array[object]

      At least 1 element.

      • alg Required / string
      • e Required / string
      • key_ops Required / array[object]
      • kid Required / string
      • kty Required / string
      • n Required / string
      • use Required / string
      • x5c Required / array[object]
      • x5t#S256 Required / string
GET /v1/auth/jwks/default
curl \
 -X GET https://api.streambird.io/v1/auth/jwks/default \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "key_ops": [
        "verify"
      ],
      "kid": "jwk_27D5uOThR2dsgraX7WVoELG4qEX",
      "kty": "RSA",
      "n": "uoIQ4EXnR_iRaDc2QTJAMOphBUDBvKKgldlLvX-8uJ8VcqTtoKU2ojMqGZlEFSW-h2rBwh4j5sny_4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM-l2OjcLox43sO3hr4O7n57sbFQvJLXOr_SQof8qWhR2d8yo_GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA_tCRKOhM-GMVFxWPXYHm-A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P-sx6oAOhdvUSIfi_kh8LtPwbI5w",
      "use": "sig",
      "x5c": [
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoIQ4EXnR/iRaDc2QTJAMOphBUDBvKKgldlLvX+8uJ8VcqTtoKU2ojMqGZlEFSW+h2rBwh4j5sny/4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM+l2OjcLox43sO3hr4O7n57sbFQvJLXOr/SQof8qWhR2d8yo/GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA/tCRKOhM+GMVFxWPXYHm+A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P+sx6oAOhdvUSIfi/kh8LtPwbI5wIDAQAB"
      ],
      "x5t#S256": "NX58stxO+soCSJsfxxF9rwtxxCv/6QRC51hjqFPFTL0="
    }
  ]
}

GetJWKsByApp

GET /v1/auth/jwks/{app_id}

Get JWK Set for the App.

HTTP Request

GET /v1/auth/jwks/{app_id}

Request String Example

/v1/auth/jwks/app_24ydphdixx2ydhF0E5WUFUKWNqi

Returns

A successful response returns a JWK Set object.

Responses
  • 200 object
    • keys Required / array[object]

      At least 1 element.

      • alg Required / string
      • e Required / string
      • key_ops Required / array[object]
      • kid Required / string
      • kty Required / string
      • n Required / string
      • use Required / string
      • x5c Required / array[object]
      • x5t#S256 Required / string
GET /v1/auth/jwks/{app_id}
curl \
 -X GET https://api.streambird.io/v1/auth/jwks/{app_id} \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "key_ops": [
        "verify"
      ],
      "kid": "jwk_27D5uOThR2dsgraX7WVoELG4qEX",
      "kty": "RSA",
      "n": "uoIQ4EXnR_iRaDc2QTJAMOphBUDBvKKgldlLvX-8uJ8VcqTtoKU2ojMqGZlEFSW-h2rBwh4j5sny_4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM-l2OjcLox43sO3hr4O7n57sbFQvJLXOr_SQof8qWhR2d8yo_GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA_tCRKOhM-GMVFxWPXYHm-A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P-sx6oAOhdvUSIfi_kh8LtPwbI5w",
      "use": "sig",
      "x5c": [
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoIQ4EXnR/iRaDc2QTJAMOphBUDBvKKgldlLvX+8uJ8VcqTtoKU2ojMqGZlEFSW+h2rBwh4j5sny/4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM+l2OjcLox43sO3hr4O7n57sbFQvJLXOr/SQof8qWhR2d8yo/GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA/tCRKOhM+GMVFxWPXYHm+A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P+sx6oAOhdvUSIfi/kh8LtPwbI5wIDAQAB"
      ],
      "x5t#S256": "NX58stxO+soCSJsfxxF9rwtxxCv/6QRC51hjqFPFTL0="
    }
  ]
}
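
Added example (not Streambird's code): checking a session_jwt locally against a JWK Set of the shape returned by GetJWKs and GetJWKsByApp, using only the Python standard library. It assumes the session JWT is RS256-signed by one of these keys and carries the standard exp claim; the sub claim, the kid and the test key built from two Mersenne primes are constructed input so the block runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def emsa_pkcs1_v15(message, k):
    """Padded SHA-256 digest that an RS256 signature must decrypt to."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_session_jwt(token, jwks, now=None):
    """Return the claims if the token is signed by a key in the JWK Set."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        claims = json.loads(b64url_decode(p64))
        sig = b64url_decode(s64)
    except ValueError as exc:
        raise ValueError("malformed JWT") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed JWT")
    # Pin the algorithm: the token must not be able to choose "none" or HS256.
    kid = header.get("kid")
    if header.get("alg") != "RS256" or not kid:
        raise ValueError("unexpected alg or missing kid")
    key = next((k for k in jwks.get("keys", [])
                if k.get("kid") == kid and k.get("kty") == "RSA"
                and k.get("alg") == "RS256" and k.get("use") == "sig"), None)
    if key is None:
        raise ValueError("no matching signing key")
    n = int.from_bytes(b64url_decode(key["n"]), "big")
    e = int.from_bytes(b64url_decode(key["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature")
    recovered = pow(s, e, n).to_bytes(k, "big")
    expected = emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k)
    if not hmac.compare_digest(recovered, expected):
        raise ValueError("bad signature")
    # "exp" is the standard RFC 7519 expiry claim; assumed present here.
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        raise ValueError("expired or missing exp")
    return claims


def make_constructed_token(claims, kid="jwk_constructed_example"):
    """Constructed test key from two Mersenne primes. Demo input only."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    header = {"alg": "RS256", "kid": kid, "typ": "JWT"}
    signing_input = ".".join(b64url_encode(json.dumps(part).encode())
                             for part in (header, claims))
    m = int.from_bytes(emsa_pkcs1_v15(signing_input.encode(), k), "big")
    sig = pow(m, d, n).to_bytes(k, "big")
    jwk = {"kty": "RSA", "alg": "RS256", "use": "sig", "kid": kid,
           "key_ops": ["verify"], "n": b64url_encode(n.to_bytes(k, "big")),
           "e": b64url_encode(e.to_bytes(3, "big"))}
    return f"{signing_input}.{b64url_encode(sig)}", {"keys": [jwk]}
```

In a deployment the JWK Set would be fetched from one of the JWKs endpoints and cached by kid, and a maintained JWT library would normally replace the hand-written RSA check shown here.
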

List Sessions

GET /v1/auth/sessions/list

List identity sessions in an App by user ID.

HTTP Request

GET /v1/auth/sessions/list

Query String Example

/v1/auth/sessions/list?user_id=user_24wFP9pDa9YiMJLun94iKykoZs2

Returns

A successful response returns a list of Session objects, with associated authentication factors that include unique identifiers and delivery methods, in the sessions property.

Query parameters
  • user_id Required / string

    Unique User ID to retrieve active sessions.

Responses
GET /v1/auth/sessions/list
curl \
 -X GET "https://api.streambird.io/v1/auth/sessions/list?user_id=user_24wFP9pDa9YiMJLun94iKykoZs2" \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200)
{
  "sessions": [
    {
      "id": "sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3",
      "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
      "session_token": "NGTCMAk51ItYAan83C6BLYXm7iJsKY0kCpsVj5WdJGg10eslpceC6MSS2RSqbUzT",
      "started_at": 1643163802,
      "expires_at": 1643763867,
      "last_active_at": 1643163867,
      "factors": [
        {
          "delivery_channel": "sms",
          "type": "otp",
          "method": {
            "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
            "method_type": "phone_number",
            "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
            "phone_number": "+14152222222",
            "last_verified_at": 1643163802
          }
        }
      ],
      "device_fingerprint": {
        "user_agent": "",
        "ip": ""
      },
      "updated_at": 1643163867,
      "created_at": 1643163802
    }
  ]
}

Verify Session

POST /v1/auth/sessions/verify

Verify session in an application by session token and/or optionally extend the expiration time of the session by N minutes from now if the session_expires_in property is present.

HTTP Request

POST /v1/auth/sessions/verify

Returns

A successful response returns a Session object with associated authentication factors that include unique identifiers and delivery methods.

Body
  • session_token string

    Required if session_jwt is not present. Unique Session Token to verify.

  • session_jwt string

    Required if session_token is not present. Unique Session JWT to verify.

  • session_expires_in

    Optional. Extend the session expiration time to N minutes from now; must be between 5 and 525600 minutes (365 days). If there is no existing session, or the session identified by session_id, session_token, or session_jwt is invalid, an error is returned. If a valid session_token or session_jwt is sent in, that session is extended by the minutes specified.

Responses