Streambird Auth API
v1

Explore all the details of Streambird Auth API. All of our APIs are RESTful and accept and return JSON.

This is the documentation for version v1 of the API. Last update on Sep 26, 2022.

Base URL 
https://api.streambird.io

Authentication

Authorization (http)

Auth Platform API includes all the Auth related features. All Users, Phone Numbers, Emails, and OTPs are associated with an App as the container.

Endpoints only accept App's Secret API keys other than certain endpoints that are used client side or via SDK that accept the public_token.

Authentication using App Api Key

Header:

Authorization: Bearer {api_key}

Authenticated Request

curl \
  -X GET https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
  -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"

Users

User management API

Create User

POST /v1/auth/users/create
Authorization

Creates a user in an App that requires authentication. Each user will have a default wallet created for the wallet_type sent in.

HTTP Request

POST /v1/auth/users/create

Returns

A successful response returns a User object with email_id and phone_number_id properties.

Body
  • email string

    Required if phone_number not present Email that uniquely identifies the user.

  • phone_number string

    Required if email not present E.164 formatted mobile phone number that uniquely identifies the user.

  • first_name string

    First name of the user.

  • middle_name string

    Middle name of the user.

  • last_name string

    Middle name of the user.

  • requires_verification boolean

    Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • wallet_type string

    Determines what type of wallet login. If the user does not have a default wallet of the same wallet_type, a new default wallet will be created for the user. If left blank, the default will be ETH. Possible values: ETH, SOL, BTC, DOT, XLM (more wallets coming soon).

  • include_user boolean

    Determines if the full user object should be returned. Defaults to false.

Responses
POST /v1/auth/users/create 
curl \
 -X POST https://api.streambird.io/v1/auth/users/create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"first_name":"John","last_name":"Smith","email":"sandbox@streambird.io","phone_number":"+14152222222","requires_verification":true}'
Request example 
{
  "first_name": "John",
  "last_name": "Smith",
  "email": "sandbox@streambird.io",
  "phone_number": "+14152222222",
  "requires_verification": true
}
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "status": "pending",
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy"
}

Search Users (beta)

POST /v1/auth/users/search
Authorization

Search users within an App.

HTTP Request

POST /v1/auth/users/search

Returns

A successful response returns a list of User objects in users property and also pagination related properties.

Body
  • limit number

    Number of objects to return per response, must be between 10 to 100, defaults to 50.

  • starting_after string

    A cursor for use in pagination. starting_after is an object ID that defines your place in the search result when there are more results to fit into a single response. For instance, if you make a search request with limit of 100 objects, ending with user_123, your subsequent call can include starting_after: user_123 in order to fetch the next page of the search result.

  • filters object

    Filters object to apply to the search.

    • operator Required / string

      Required if filters property is present Logical operator to apply on the fields. Possible values: AND, OR.

    • fields array[object]

      Optional List of field filter objects.

      At least 1 element.

      • field Required / string

        Field to filter the search by. Possible values:

        • user_id - Filter by the unique ID(s) of the user. Compatible with eq and in operators.
        • status - Filter by the status of the user, accepted values: active, pending. Compatible with eq and in operators.
        • full_name_match - Filter by the fuzzy match of the user's full name ({first_name} {last_name}). Compatible with eq operator.
        • phone_number - Filter by associated the phone number(s) of the user. Compatible with eq and in operators.
        • phone_number_id - Filter by the associated phone number ID(s) of the user. Compatible with eq and in operators.
        • phone_number_match - Filter by the fuzzy match of the user's phone number(s). Compatible with eq operator.
        • phone_number_verified - Filter by the verified flag of the user's associated phone number(s). Compatible with eq operator.
        • email - Filter by the email of the user. Compatible with eq and in operators.
        • email_id - Filter by the associated email ID(s) of the user. Compatible with eq and in operators.
        • email_verified - Filter by the verified flag of the user's associated email(s). Compatible with eq operator.
        • email_match - Filter by the fuzzy match of the user's email(s). Compatible with eq operator.
        • wallet_public_address - Filter by the wallet public address of the user. Compatible with eq and in operators.
        • wallet_id - Filter by the associated wallet ID(s) of the user. Compatible with eq and in operators.
        • totp_id - Filter by the associated totp instance ID(s) of the user. Compatible with eq and in operators.
        • totp_verified - Filter by the verified flag of the TOTP instance(s). Compatible with eq operator.
        • idp_provider - Filter by the associated IdP/OAuth provider(s) of the user. Compatible with eq and in operators.

        Values are user_id, status, full_name_match, phone_number, phone_number_id, phone_number_match, phone_number_verified, email, email_id, email_verified, email_match, wallet_public_address, wallet_id, totp_id, totp_verified, or idp_provider.

      • operator Required / string

        Required Filter operator to apply for the field. Possible values: eq (translates to equals or = in SQL), between (translates to >= value AND <= second_value in SQL) , lt (translates to less than or < in SQL), gt (translates to greater than or > in SQL), in (translates to IN (value1, value2, ...) in SQL.)

      • value string | number | integer | boolean

        Optional Value to filter by and to be used with operators eq, between, lt, and gt.

      • second_value string | number | integer | boolean

        Optional Value to filter by and to be used with between operator.

      • values array[string | number]

        Optional Values to filter by and to be used with in operator.

Responses
POST /v1/auth/users/search 
curl \
 -X POST https://api.streambird.io/v1/auth/users/search \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"limit":100,"filters":{"operator":"OR","fields":[{"field":"phone_number_match","operator":"eq","value":"2222222"}]}}'
Request example 
{
  "limit": 100,
  "filters": {
    "operator": "OR",
    "fields": [
      {
        "field": "phone_number_match",
        "operator": "eq",
        "value": "2222222"
      }
    ]
  }
}
Response example (200) 
{
  "users": [
    {
      "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
      "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
      "first_name": "John",
      "middle_name": "",
      "last_name": "Smith",
      "active": true,
      "updated_at": 1639873806,
      "created_at": 1639873806,
      "emails": [
        {
          "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
          "verified": false,
          "email": "sandbox@streambird.io",
          "updated_at": 1639873806,
          "created_at": 1639873806
        }
      ],
      "phone_numbers": [
        {
          "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "verified": true,
          "phone_number": "+14152222222",
          "updated_at": 1643004687,
          "created_at": 1639873806
        }
      ],
      "wallets": [
        {
          "id": "wallet_24tdfcVDSJQpK5huDnZaqPP2aiI",
          "app_id": "app_24ydphdixx2ydhF0E5WUFUKWNqi",
          "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
          "public_address": "0xd3EfC42956c546Cf27B5f18062c63B4BF6d72D7c",
          "wallet_type": "ETH",
          "is_default": true,
          "updated_at": 1640133104,
          "created_at": 1640133104
        }
      ],
      "totps": [
        {
          "id": "totp_284EPXPYI5zZoh4pp2mpAQ2PnuY",
          "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
          "verified": false,
          "updated_at": 1650467433,
          "created_at": 1650467433
        }
      ]
    }
  ],
  "total_count": 10,
  "has_more": false
}

Get User

GET /v1/auth/users/{user_id}
Authorization

Get a user with their various properties like emails, phone_numbers, and other attached identifiers.

HTTP Request

GET /v1/auth/users/{user_id}

Returns

A successful response returns a User object with linked identifiers such as emails, phone numbers in their corresponding properties.

Path parameters
  • user_id Required / string

    Unique User ID of the user.

Responses
GET /v1/auth/users/{user_id} 
curl \
 -X GET https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "first_name": "",
  "middle_name": "",
  "last_name": "",
  "status": "active",
  "active": true,
  "updated_at": 1646873318,
  "created_at": 1646873318,
  "emails": [
    {
      "id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
      "verified": true,
      "email": "hello@streambird.io",
      "updated_at": 1646957196,
      "created_at": 1646873318
    },
    {
      "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
      "verified": false,
      "email": "sandbox@streambird.io",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "phone_numbers": [
    {
      "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
      "verified": false,
      "phone_number": "+14152222222",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "idp_providers": [
    {
      "id": "idpuser_28SRho5nbD045LGq2btZWXhkdjN",
      "provider": "google",
      "provider_subject": "100157402424066154830",
      "idp_type": "oauth",
      "method_id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
      "method_type": "email",
      "updated_at": 1651208121,
      "created_at": 1651208121
    }
  ],
  "wallets": [
    {
      "id": "wallet_26AjWu075gRWMnjfPglcdoD2PAQ",
      "public_address": "0x863c381a56a58370f435b0100faba94e6462b6d1",
      "wallet_type": "ETH",
      "verified": true,
      "is_default": true,
      "is_read_only": false,
      "is_imported": false,
      "updated_at": 1646873319,
      "created_at": 1646873319
    }
  ],
  "totps": [],
  "webauthn_credentials": []
}

Update User

PUT /v1/auth/users/{user_id}/update
Authorization

Update a user by ID.

HTTP Request

PUT /v1/auth/users/{user_id}/update

Returns

A successful response returns a User object in user owith linked emails and phone numbers in emails and phone_numbers properties.

Body
  • first_name string

    First name of the user.

  • middle_name string

    Middle name of the user.

  • last_name string

    Last name of the user.

  • emails array[object]

    List of Emails to attach to the user.

    At least 1 element.

    • email Required / string

      Email that uniquely identifies the user.

  • phone_numbers array[object]

    List of E.164 formatted mobile phone numbers to attach to the user.

    At least 1 element.

    • phone_number Required / string

      E.164 formatted mobile phone number that uniquely identifies the user.

Responses
PUT /v1/auth/users/{user_id}/update 
curl \
 -X PUT https://api.streambird.io/v1/auth/users/{user_id}/update \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"first_name":"John","middle_name":"","last_name":"Smith","emails":[{"email":"sandbox@streambird.io"}],"phone_numbers":[{"phone_number":"+14152222222"}]}'
Request example 
{
  "first_name": "John",
  "middle_name": "",
  "last_name": "Smith",
  "emails": [
    {
      "email": "sandbox@streambird.io"
    }
  ],
  "phone_numbers": [
    {
      "phone_number": "+14152222222"
    }
  ]
}
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "phone_numbers": [
    {
      "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
      "verified": false,
      "phone_number": "+14152222222",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "emails": [
    {
      "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
      "verified": false,
      "email": "sandbox@streambird.io",
      "updated_at": 1642703333,
      "created_at": 1642703333
    }
  ],
  "user": {
    "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
    "first_name": "",
    "middle_name": "",
    "last_name": "",
    "status": "active",
    "active": true,
    "updated_at": 1646873318,
    "created_at": 1646873318,
    "emails": [
      {
        "id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
        "verified": true,
        "email": "hello@streambird.io",
        "updated_at": 1646957196,
        "created_at": 1646873318
      },
      {
        "id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
        "verified": false,
        "email": "sandbox@streambird.io",
        "updated_at": 1642703333,
        "created_at": 1642703333
      }
    ],
    "phone_numbers": [
      {
        "id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
        "verified": false,
        "phone_number": "+14152222222",
        "updated_at": 1642703333,
        "created_at": 1642703333
      }
    ],
    "idp_providers": [
      {
        "id": "idpuser_28SRho5nbD045LGq2btZWXhkdjN",
        "provider": "google",
        "provider_subject": "100157402424066154830",
        "idp_type": "oauth",
        "method_id": "email_26AjWpEcss2YyqFh1san6Wjjs7o",
        "method_type": "email",
        "updated_at": 1651208121,
        "created_at": 1651208121
      }
    ],
    "wallets": [
      {
        "id": "wallet_26AjWu075gRWMnjfPglcdoD2PAQ",
        "public_address": "0x863c381a56a58370f435b0100faba94e6462b6d1",
        "wallet_type": "ETH",
        "verified": true,
        "is_default": true,
        "is_read_only": false,
        "is_imported": false,
        "updated_at": 1646873319,
        "created_at": 1646873319
      }
    ],
    "totps": [],
    "webauthn_credentials": []
  }
}

Delete User

DELETE /v1/auth/users/{user_id}/delete
Authorization

Delete a user by ID.

HTTP Request

DELETE /v1/auth/users/{user_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Path parameters
  • user_id Required / string

    Unique User ID of the user.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted user.

DELETE /v1/auth/users/{user_id}/delete 
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "message": "Successfully deleted user",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Email

DELETE /v1/auth/users/emails/{email_id}/delete
Authorization

Delete an email from the associated user.

HTTP Request

DELETE /v1/auth/users/emails/{email_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted user email.

DELETE /v1/auth/users/emails/{email_id}/delete 
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/emails/{email_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "message": "Successfully deleted user email",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Phone Number

DELETE /v1/auth/users/phone_number/{phone_number_id}/delete
Authorization

Delete a phone number from the associated user.

HTTP Request

DELETE /v1/auth/users/phone_numbers/{phone_number_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted user phone number.

DELETE /v1/auth/users/phone_number/{phone_number_id}/delete 
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/phone_number/{phone_number_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "message": "Successfully deleted user phone number",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Delete User Wallet

DELETE /v1/auth/users/wallets/{wallet_id}/delete
Authorization

Delete a read only imported wallet attached to a user.

HTTP Request

DELETE /v1/auth/users/wallets/{wallet_id}/delete

Returns

A successful response returns an object with user_id property.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted wallet.

DELETE /v1/auth/users/wallets/{wallet_id}/delete 
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/wallets/{wallet_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user wallet"
}

Delete User WebAuthn Credential

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete
Authorization

Delete a WebAuthn credential from the associated user.

HTTP Request

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete

Returns

A successful response returns an object with user_id property.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID associated with the deleted WebAuthn credential.

DELETE /v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete 
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/webauthn_credentials/{webauthn_credential_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user WebAuthn credential"
}

Delete User TOTP

DELETE /v1/auth/users/totps/{totp_id}/delete
Authorization

Delete a TOTP attached to a user.

HTTP Request

DELETE /v1/auth/users/totps/{totp_id}/delete

Returns

A successful response returns an object with message and user_id properties.

Responses
  • 200 object
    • message Required / string

      Success message of the action.

    • user_id Required / string

      Unique User ID of the deleted TOTP instance.

DELETE /v1/auth/users/totps/{totp_id}/delete 
curl \
 -X DELETE https://api.streambird.io/v1/auth/users/totps/{totp_id}/delete \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "message": "Successfully deleted user totp"
}

Login or Create User by Magic Link

POST /v1/auth/magic_links/email/login_or_create
Authorization

Create an email Magic Link to the provided email for login verification. If no user account exists, a new user will be created and Magic Link sent.

HTTP Request

POST /v1/auth/magic_links/email/login_or_create

Returns

A successful response returns an object with user_id, user_created indicating if the user has been newly created, and email_id properties.

Body
  • email Required / string

    Required Email that uniquely identifies the user.

  • login_redirect_url string

    The base url we will use to construct the final login magic link and send to the user via email if this is a login (existing user). If the redirect_url is https://streambird.io/authenticate, final url user sees in email will be https://streambird.io/authenticate?token=autogeneratedmagictoken. We will redirect to your app in this url and your app should handle and parse the token parameter and allow the user log in. If no url is sent in, we will use the default redirect url set in the Console and if no default redirect url is available, an error will be returned.

  • registration_redirect_url string

    The base url we will use to construct the final login magic link and send to the user via email if this is a registration (new user). If the redirect_url is https://streambird.io/authenticate, final url user sees in email will be https://streambird.io/authenticate?token=autogeneratedmagictoken. We will redirect to your app in this url and your app should handle and parse the token parameter and register the user. If no url is sent in, we will use the default redirect url set in the Console and if no default redirect url is available, an error will be returned.

  • login_expires_in number

    Expiration time of the magic link in minutes for login (when an existing user is found) Must be between 5 to 10080 minutes (7 days), defaults to 60 minutes.

  • registration_expires_in number

    Expiration time of the magic link in minutes for registration (when a new user is created). Must be between 5 to 10080 minutes (7 days), defaults to 60 minutes.

  • requires_verification boolean

    Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify Token step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

POST /v1/auth/magic_links/email/login_or_create 
curl \
 -X POST https://api.streambird.io/v1/auth/magic_links/email/login_or_create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"email":"sandbox@streambird.io","expires_in":60,"login_redirect_url":"http://localhost:8081/authenticate","registration_redirect_url":"http://localhost:8081/authenticate"}'
Request example 
{
  "email": "sandbox@streambird.io",
  "expires_in": 60,
  "login_redirect_url": "http://localhost:8081/authenticate",
  "registration_redirect_url": "http://localhost:8081/authenticate"
}
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "status": "active",
  "user_created": false,
  "updated_at": 1630989225,
  "created_at": 1630989225,
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7"
}

Invite User by Magic Link

POST /v1/auth/magic_links/email/invite
Authorization

Create an email Magic Link to the provided email for invite verification. If no user account exists, a new user will be created and Magic Link sent.

HTTP Request

POST /v1/auth/magic_links/email/invite

Returns

A successful response returns an object with user_id and email_id properties.

Body
  • email Required / string

    Required Email that uniquely identifies the user.

  • first_name string

    First name of the user.

  • middle_name string

    Middle name of the user.

  • last_name string

    Last name of the user.

  • invite_redirect_url string

    The base url we will use to construct the final invite magic link and send to the user via email. If the redirect_url is https://streambird.io/authenticate, final url user sees in email will be https://streambird.io/authenticate?token=autogeneratedmagictoken. We will redirect to your app in this url and your app should handle and parse the token parameter and allow the user to accept invite. If no url is sent in, we will use the default redirect url set in the Console and if no default redirect url is available, an error will be returned.

  • invite_expires_in number

    Expiration time of the magic link in minutes for invite. Must be between 5 to 10080 minutes (7 days), defaults to 60 minutes.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify Token step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

POST /v1/auth/magic_links/email/invite 
curl \
 -X POST https://api.streambird.io/v1/auth/magic_links/email/invite \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"first_name":"John","last_name":"Smith","email":"sandbox@streambird.io","invite_expires_in":180}'
Request example 
{
  "first_name": "John",
  "last_name": "Smith",
  "email": "sandbox@streambird.io",
  "invite_expires_in": 180
}
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "status": "pending",
  "user_created": true,
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7"
}

Create Embeddable Magic Link

POST /v1/auth/magic_links/create
Authorization

Create an embeddable token for Magic Link for a specific user. The token can be used with a custom email or any other methods of delivery to your user.

HTTP Request

POST /v1/auth/magic_links/create

Returns

A successful response returns an object with user_id, token properties.

Body
  • user_id Required / string

    Given Unique ID that identifies the user.

  • expires_in number

    Expiration time of the magic link in minutes. Must be between 5 to 10080 minutes (7 days).

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify Token step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

POST /v1/auth/magic_links/create 
curl \
 -X POST https://api.streambird.io/v1/auth/magic_links/create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"user_id":"user_24wFP9pDa9YiMJLun94iKykoZs2","expires_in":60}'
Request example 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "expires_in": 60
}
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "token": "kto7dNK1tnsuCT95CTLeRiJaGP3lmWN50iDIbruTrCG6BFxz"
}

Verify Token

POST /v1/auth/magic_links/verify
Authorization

Verify the magic token of a magic link to authenticate the user. This endpoints verifies that the magic token sent in is valid and returns the method ID and verified user ID.

HTTP Request

POST /v1/auth/magic_links/verify

Returns

A successful response returns an object with method_id, method_type, and verified user_id properties. If session parameters are sent in, session_token, session_jwt and session will be included in the response.

Body
  • token Required / string

    Required Magic Token in the Magic Link received by the User

  • session_expires_in integer

    Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

  • session_token string

    Optional Unique session token to verify.

  • session_jwt string

    Optional Unique Session JWT to verify.

Responses
POST /v1/auth/magic_links/verify 
curl \
 -X POST https://api.streambird.io/v1/auth/magic_links/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"token":"CzJ1WTtyCF2wqhavQYiy9m7GayazthwamK4DKC07Ac6B2Fmn"}'
Request example 
{
  "token": "CzJ1WTtyCF2wqhavQYiy9m7GayazthwamK4DKC07Ac6B2Fmn"
}
Response example (200) 
{
  "method_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
  "method_type": "email",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}
Response example (400) 
{
  "status_code": 400,
  "error_message": "Invalid magic link format, magic link missing or invalid.",
  "error_type": "invalid_magic_token"
}

OTPs

Send OTP (One-time passcodes) by all the supported delivery methods such as SMS, email.

Login or Create User by SMS

POST /v1/auth/otps/sms/login_or_create
Authorization

Create an SMS OTP (one-time passcode) to the provided phone number for login verification. If no user account exists for the provided phone number, a new user will be created and OTP sent by SMS.

HTTP Request

POST /v1/auth/otps/sms/login_or_create

Returns

A successful response returns an object with user_id, user_created indicating if the user has been newly created, and phone_number_id properties.

Body
  • phone_number Required / string

    E.164 formatted mobile phone number that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • requires_verification boolean

    Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/sms/login_or_create 
curl \
 -X POST https://api.streambird.io/v1/auth/otps/sms/login_or_create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"phone_number":"+14152222222","expires_in":3}'
Request example 
{
  "phone_number": "+14152222222",
  "expires_in": 3
}
Response example (200) 
{
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "user_created": false,
  "status": "pending",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Create SMS OTP

POST /v1/auth/otps/sms/send
Authorization

Send an SMS OTP (one-time passcode) to the provided phone number for verification.

HTTP Request

POST /v1/auth/otps/sms/send

Returns

A successful response returns an object with user_id and phone_number_id properties.

Body
  • phone_number Required / string

    E.164 formatted mobile phone number that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/sms/send 
curl \
 -X POST https://api.streambird.io/v1/auth/otps/sms/send \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"phone_number":"+14152222222","expires_in":3}'
Request example 
{
  "phone_number": "+14152222222",
  "expires_in": 3
}
Response example (200) 
{
  "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Login or Create User by Email OTP

POST /v1/auth/otps/email/login_or_create
Authorization

Create an OTP (one-time passcode) to the provided email for login verification. If no user account exists for the provided email, a new user will be created and email OTP sent.

HTTP Request

POST /v1/auth/otps/email/login_or_create

Returns

A successful response returns an object with user_id, user_created status indicating if the user has been newly created, and email_id properties.

Body
  • email Required / string

    Email that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • requires_verification boolean

    Determines if verification for the authentication method (email, phone_number) is required before marking the user as active.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/email/login_or_create 
curl \
 -X POST https://api.streambird.io/v1/auth/otps/email/login_or_create \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"email":"sandbox@streambird.io","expires_in":3}'
Request example 
{
  "email": "sandbox@streambird.io",
  "expires_in": 3
}
Response example (200) 
{
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "user_created": true,
  "status": "pending",
  "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7"
}

Create Email OTP

POST /v1/auth/otps/email/send
Authorization

Send an OTP (one-time passcode) to the provided email for login verification.

HTTP Request

POST /v1/auth/otps/email/send

Returns

A successful response returns an object with user_id and email_id properties.

Body
  • email Required / string

    Email that uniquely identifies the user.

  • expires_in number

    Expiration time of the OTP in minutes. Must be between 1 to 10 minutes, defaults to 1 minute.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during magic link token verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify OTP step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

Responses
POST /v1/auth/otps/email/send 
curl \
 -X POST https://api.streambird.io/v1/auth/otps/email/send \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"email":"sandbox@streambird.io","expires_in":3}'
Request example 
{
  "email": "sandbox@streambird.io",
  "expires_in": 3
}
Response example (200) 
{
  "email_id": "email_26l7dYo0JPFLGmWNv1vNwcYh0FF",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}

Verify OTP (One-time passcode)

POST /v1/auth/otps/verify
Authorization

Verify an OTP (one-time passcode) against a method ID (email, phone number) to authenticate the user. This endpoints verifies that the OTP sent in is valid for the given method ID.

HTTP Request

POST /v1/auth/otps/verify

Returns

A successful response returns an object with method_id, method_type, and verified user_id properties.

Body
  • method_id Required / string

    Method ID to verify the OTP against. This can either be the phone_number_id or email_id returned by the send or login or create endpoints.

  • otp Required / string

    OTP received by the User.

  • device_fingerprint object

    Device fingerprinting metadata for fraud detection during OTP code verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

    • ip string

      IP of the user originating the request.

    • user_agent string

      User Agent of the browser originating the request.

  • session_expires_in number

    Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.

  • session_token string

    Optional Unique session token to verify.

  • session_jwt string

    Optional Unique Session JWT to verify.

Responses
POST /v1/auth/otps/verify 
curl \
 -X POST https://api.streambird.io/v1/auth/otps/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"method_id":"pn_24oXBLRv6BoHXbNZoTAZkAFlRsy","otp":"829994","session_expires_in":100,"device_fingerprint":{"ip":"123.2.1.1"}}'
Request example 
{
  "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "otp": "829994",
  "session_expires_in": 100,
  "device_fingerprint": {
    "ip": "123.2.1.1"
  }
}
Response example (200) 
{
  "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
  "method_type": "phone_number",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "session_token": "7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh",
  "session": {
    "id": "sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3",
    "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
    "session_token": "7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh",
    "started_at": 1643496805,
    "expires_at": 1643502805,
    "last_active_at": 1643496805,
    "factors": [
      {
        "delivery_channel": "sms",
        "type": "otp",
        "method": {
          "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "method_type": "phone_number",
          "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
          "phone_number": "+14152222222",
          "last_verified_at": 1643496805
        }
      }
    ],
    "device_fingerprint": {
      "user_agent": "",
      "ip": "123.2.1.1"
    },
    "updated_at": 1643496805,
    "created_at": 1643496805
  }
}

OAuth

Google

GET /v1/auth/oauth/google/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Google. User will first sign in to their Google account, Google will then call the Streambird callback URL set during the setup process for Google provider. Once Streambird completes the OAuth flow with Google, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Google.

HTTP Request

GET /v1/auth/oauth/google/begin

Query String Example

/v1/auth/oauth/google/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • login_redirect_url string

    Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • registration_redirect_url string

    Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses
GET /v1/auth/oauth/google/begin 
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/google/begin?public_token=string
Response example (200) 
{
  "redirect_url": "https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo"
}
Response example (302) 
# Headers
Location: https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo

# Payload
{
  "redirect_url": "https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1008100163226-56ujvvb72rat1rieggmi1kqepqpsjdsn.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Foauth%2Fgoogle%2Fcallback&response_type=code&scope=openid+email+profile&state=google-60ZMQkILtQYhb5QiEHIVZ8JUgmI0z54SYEWDWwkge4uZaDoo"
}

Apple

GET /v1/auth/oauth/apple/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Apple. User will first sign in to their Apple account, Apple will then call the Streambird callback URL set during the setup process for Apple provider. Once Streambird completes the OAuth flow with Apple, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Apple.

HTTP Request

GET /v1/auth/oauth/apple/begin

Query String Example

/v1/auth/oauth/apple/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • login_redirect_url string

    Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • registration_redirect_url string

    Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses
GET /v1/auth/oauth/apple/begin 
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/apple/begin?public_token=string
Response example (200) 
{
  "redirect_url": "https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM"
}
Response example (302) 
# Headers
Location: https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM

# Payload
{
  "redirect_url": "https://appleid.apple.com/auth/authorize?client_id=streambird.oauth&redirect_uri=https%3A%2F%2Fstreambird.dev%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_mode=form_post&response_type=code&scope=name%20email&state=apple-9QTXKuEEdj224OJBCa9PQKehd25hFieoGJWnGyIe3aY16p6TkIR8oPiQ1So1QHZM"
}

Microsoft

GET /v1/auth/oauth/microsoft/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Microsoft. User will first sign in to their Microsoft account, Microsoft will then call the Streambird callback URL set during the setup process for Microsoft provider. Once Streambird completes the OAuth flow with Microsoft, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Microsoft.

HTTP Request

GET /v1/auth/oauth/microsoft/begin

Query String Example

/v1/auth/oauth/microsoft/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • login_redirect_url string

    Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • registration_redirect_url string

    Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses
GET /v1/auth/oauth/microsoft/begin 
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/microsoft/begin?public_token=string
Response example (200) 
{
  "redirect_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp"
}
Response example (302) 
# Headers
Location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp

# Payload
{
  "redirect_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=90f32a8e-4013-4627-b67c-d8f0db966931&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=openid+email+profile&state=microsoft-F7j9hHnMeIWsHEHpwwgtDJ2T76TAEwmYHacp87uR7nJcbgltWST21zlMr1C5ORYp"
}

Discord

GET /v1/auth/oauth/discord/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Discord. User will first sign in to their Discord account, Discord will then call the Streambird callback URL set during the setup process for Discord provider. Once Streambird completes the OAuth flow with Discord, we will redirect back to the login/registration redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Discord.

HTTP Request

GET /v1/auth/oauth/discord/begin

Query String Example

/v1/auth/oauth/discord/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • login_redirect_url string

    Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • registration_redirect_url string

    Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses
GET /v1/auth/oauth/discord/begin 
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/discord/begin?public_token=string
Response example (200) 
{
  "redirect_url": "https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084"
}
Response example (302) 
# Headers
Location: https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084

# Payload
{
  "redirect_url": "https://discord.com/api/oauth2/authorize?access_type=online&client_id=910035262648750080&redirect_uri=https%3A%2F%2F8628-96-246-28-169.ngrok.io%2Fv1%2Fauth%2Foauth%2Fcallback%2Fapp_24ydphdixx2ydhF0E5WUFUKWNqi&response_type=code&scope=email+identify&state=discord-KYy6j9CnAGdl2q92MH8DlCTSta1mSY5nR1cfZovyXT0RV2sIBA4artascOOUH084"
}

Github

GET /v1/auth/oauth/github/begin

Client side public endpoint to generate a redirect_url for OAuth provider that will direct the user to sign in via Github. User will first sign in to their Github account, Github will then call the Streambird callback URL set during the setup process for Github provider. Once Streambird completes the OAuth flow with Github, we will redirect back to the login/signup redirect URLs set for your App with an internal token for this session. You can then use this token to verify with our VerifyOAuthToken endpoint to retrieve the authenticated user and optionally the original access_token and refresh_token from Github.

HTTP Request

GET /v1/auth/oauth/github/begin

Query String Example

/v1/auth/oauth/github/begin?public_token=pk_live_bGcnsYLoObxCSvUcCNBEWgWkOFIBD6JQhx1bMTakf1R6QWrR&redirect=true&login_redirect_url=http://localhost:8080/register

Returns

A successful response returns an object with a redirect_url property. If redirect query parameter is set to true, a response with status code 302 will be returned, which allows the browser to automatically redirect to the returned redirect_url without custom client side redirect logic.

Query parameters
  • public_token Required / string

    Required Public token of the App, public token can be exposed in the frontend and client side SDKs.

  • redirect boolean

    Optional Determines if the response should be a 302 auto redirect instead of returning the redirect_url in the json with a 200 status code.

  • login_redirect_url string

    Optional If an existing user is found, this URL will be used for redirect upon the completion of the OAuth flow

  • registration_redirect_url string

    Optional If a new user is created, this URL will be used for redirect upon the completion of the OAuth flow

Responses
GET /v1/auth/oauth/github/begin 
curl \
 -X GET https://api.streambird.io/v1/auth/oauth/github/begin?public_token=string
Response example (200) 
{
  "redirect_url": "https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1"
}
Response example (302) 
# Headers
Location: https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1

# Payload
{
  "redirect_url": "https://github.com/login/oauth/authorize?client_id=63a8d0c330e35260c229&redirect_uri=http%3A%2F%2Flocalhost%3A11019%2Fv1%2Fauth%2Foauth%2Fcallback%2Foauthcb_28XPFGcXWv4UvjYYaG74yeZcepx&response_type=code&scope=read%3Auser+user%3Aemail&state=github-jjcHMiUbxPn6hli55B4v5LciXGAPj3dWqNYWTXsQ7xzj1pHhM4rBtrnXnQVSxds1"
}

Verify Token

POST /v1/auth/oauth/verify
Authorization

Verify an internal OAuth token redirected to your application upon the completion of the OAuth flow. This token is generated by Streambird and can be used to exchange for the authenticated user information and/or the original access_token and refresh_token of the idp providers that can be used directly with the external OAuth providers (e.g., Google, Apple, Microsoft, etc).

HTTP Request

POST /v1/auth/oauth/verify

Returns

A successful response returns user_id, idp_session property with data from the OAuth provider by default. Session object in session property if any of the session_token, session_jwt, or session_expires_in is valid.

Body
  • token Required / string

    Required OAuthToken provided to the login/signup redirect url to authenticate the OAuth session and exchange user info and idp access_token and refresh_token.

  • session_expires_in number

    Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a session_token and session_jwt. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified. If not sent in and no valid session_token or session_jwt included, it will be ignored and no Streambird session will be created by default.

  • session_token string

    Unique session token to verify.

  • session_jwt string

    Unique Session JWT to verify.

Responses
POST /v1/auth/oauth/verify 
curl \
 -X POST https://api.streambird.io/v1/auth/oauth/verify \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"token":"yRqkvNQVTwddlZV6D7S0ypSNpHlCbfYG4OAw3oUIVFFZ27UJ8R0xmRUQfNF59G9i"}'
Request example 
{
  "token": "yRqkvNQVTwddlZV6D7S0ypSNpHlCbfYG4OAw3oUIVFFZ27UJ8R0xmRUQfNF59G9i"
}
Response example (200) 
{
  "provider_subject": "100157402424066154830",
  "provider": "google",
  "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
  "idp_session": {
    "idp": {
      "access_token": "ya29.A0ARrdaM9TnNfrdqDZmBIw7PBPjYf0HELFdxDCNC2cQRK7aqgsIfIusuCd0SJ5nx9dgGti2KU-rt_dIV7cpxasqpCpRq7VNyv-KsbC2-cn6j76p_wVmUwCKlWZ_3ZHx8WFdlIrLu-E1q3Ea_11zfmQCwuwgBMl",
      "refresh_token": "1//0d2jmQJmy0z17CgYIARAAGA0SNwF-L9IrF-jEvfwE-YNr_--Cqzu7MGnmtpLu0kklcFfgJzI2FSBib9_4wh1MAs4JKbAvue2XJoI"
    }
  },
  "session": null,
  "session_token": ""
}

Sessions

GetJWKs

GET /v1/auth/jwks/default
Authorization

Get JWK Set using a publishable PublicToken or secret ApiKey. It serves as a wrapper on top of GetJWKsByApp and infers the app_id from the api key used.

HTTP Request

GET /v1/auth/jwks/default

Returns

A successful response returns a JWK Set object.

Responses
  • 200 object
    • keys Required / array[object]

      At least 1 element.

      • alg Required / string
      • e Required / string
      • key_ops Required / array[object]
      • kid Required / string
      • kty Required / string
      • n Required / string
      • use Required / string
      • x5c Required / array[object]
      • x5t#S256 Required / string
GET /v1/auth/jwks/default 
curl \
 -X GET https://api.streambird.io/v1/auth/jwks/default \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "key_ops": [
        "verify"
      ],
      "kid": "jwk_27D5uOThR2dsgraX7WVoELG4qEX",
      "kty": "RSA",
      "n": "uoIQ4EXnR_iRaDc2QTJAMOphBUDBvKKgldlLvX-8uJ8VcqTtoKU2ojMqGZlEFSW-h2rBwh4j5sny_4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM-l2OjcLox43sO3hr4O7n57sbFQvJLXOr_SQof8qWhR2d8yo_GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA_tCRKOhM-GMVFxWPXYHm-A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P-sx6oAOhdvUSIfi_kh8LtPwbI5w",
      "use": "sig",
      "x5c": [
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoIQ4EXnR/iRaDc2QTJAMOphBUDBvKKgldlLvX+8uJ8VcqTtoKU2ojMqGZlEFSW+h2rBwh4j5sny/4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM+l2OjcLox43sO3hr4O7n57sbFQvJLXOr/SQof8qWhR2d8yo/GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA/tCRKOhM+GMVFxWPXYHm+A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P+sx6oAOhdvUSIfi/kh8LtPwbI5wIDAQAB"
      ],
      "x5t#S256": "NX58stxO+soCSJsfxxF9rwtxxCv/6QRC51hjqFPFTL0="
    }
  ]
}

GetJWKsByApp

GET /v1/auth/jwks/{app_id}
Authorization

Get JWK Set for the App.

HTTP Request

GET /v1/auth/jwks/{app_id}

Request String Example

/v1/auth/jwks/app_24ydphdixx2ydhF0E5WUFUKWNqi

Returns

A successful response returns a JWK Set object.

Responses
  • 200 object
    • keys Required / array[object]

      At least 1 element.

      • alg Required / string
      • e Required / string
      • key_ops Required / array[object]
      • kid Required / string
      • kty Required / string
      • n Required / string
      • use Required / string
      • x5c Required / array[object]
      • x5t#S256 Required / string
GET /v1/auth/jwks/{app_id} 
curl \
 -X GET https://api.streambird.io/v1/auth/jwks/{app_id} \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "key_ops": [
        "verify"
      ],
      "kid": "jwk_27D5uOThR2dsgraX7WVoELG4qEX",
      "kty": "RSA",
      "n": "uoIQ4EXnR_iRaDc2QTJAMOphBUDBvKKgldlLvX-8uJ8VcqTtoKU2ojMqGZlEFSW-h2rBwh4j5sny_4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM-l2OjcLox43sO3hr4O7n57sbFQvJLXOr_SQof8qWhR2d8yo_GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA_tCRKOhM-GMVFxWPXYHm-A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P-sx6oAOhdvUSIfi_kh8LtPwbI5w",
      "use": "sig",
      "x5c": [
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoIQ4EXnR/iRaDc2QTJAMOphBUDBvKKgldlLvX+8uJ8VcqTtoKU2ojMqGZlEFSW+h2rBwh4j5sny/4tOWXdWJ0x6k2ZAVlVddqtfDBb3oM+l2OjcLox43sO3hr4O7n57sbFQvJLXOr/SQof8qWhR2d8yo/GGXJV6Shr57P0sTIFwRJ3YbBYs806WZzB6J8Ze8BzcUXDA/tCRKOhM+GMVFxWPXYHm+A7lkqEQSd7z8AzyfNQOew1lPAgAGIJYciD1kxQK5B3RjDrcf9q11x7vRPlCWCan8WrtS351uzxLzjtdVoV8C5atTumgw2P+sx6oAOhdvUSIfi/kh8LtPwbI5wIDAQAB"
      ],
      "x5t#S256": "NX58stxO+soCSJsfxxF9rwtxxCv/6QRC51hjqFPFTL0="
    }
  ]
}

List Sessions

GET /v1/auth/sessions/list
Authorization

List identity sessions in an App by user ID.

HTTP Request

POST /v1/auth/sessions/list

Query String Example

/v1/auth/sessions/list?user_id=user_24wFP9pDa9YiMJLun94iKykoZs2

Returns

A successful response returns list of Sessionobjects with associated authentication factors that include unique identifiers and delivery methods in the sessions property.

Query parameters
  • user_id Required / string

    Unique User ID to retrieve active sessions.

Responses
GET /v1/auth/sessions/list 
curl \
 -X GET https://api.streambird.io/v1/auth/sessions/list?user_id=user_24wFP9pDa9YiMJLun94iKykoZs2 \
 -H "Authorization: Bearer $ACCESS_TOKEN"
Response example (200) 
{
  "sessions": [
    {
      "id": "sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3",
      "user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2",
      "session_token": "NGTCMAk51ItYAan83C6BLYXm7iJsKY0kCpsVj5WdJGg10eslpceC6MSS2RSqbUzT",
      "started_at": 1643163802,
      "expires_at": 1643763867,
      "last_active_at": 1643163867,
      "factors": [
        {
          "delivery_channel": "sms",
          "type": "otp",
          "method": {
            "method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
            "method_type": "phone_number",
            "phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
            "phone_number": "+14152222222",
            "last_verified_at": 1643163802
          }
        }
      ],
      "device_fingerprint": {
        "user_agent": "",
        "ip": ""
      },
      "updated_at": 1643163867,
      "created_at": 1643163802
    }
  ]
}

Verify Session

POST /v1/auth/sessions/verify
Authorization

Verify session in an application by session token and/or optionally extend the expiration time of the session by N minutes from now if the session_expires_in property is present.

HTTP Request

POST /v1/auth/sessions/verify

Returns

A successful response returns a Session object with associated authentication factors that include unique identifiers and delivery methods.

Body
  • session_token string

    Required if session_jwt not present Unique Session Token to verify.

  • session_jwt string

    Required if session_token not present Unique Session JWT to verify.

  • session_expires_in number

    Optional Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). If there is no existing session or invalid session identified by either session_id, session_token, or session_jwt, it will return an error. However, if a valid session_token or session_jwt is sent in, it will extend that session by the minutes specified.

Responses