Verify Password (Enterprise)
Verify user password and generate a session. When a new factor is added, a new session_token
will be generated but inheriting the same session ID and history (e.g. OTP, magic link factors).
HTTP Request
POST /v1/auth/passwords/verify
Returns
A successful response returns an object with verified user_id
and session
properties.
Body
-
user_id
string Required Unique given user ID.
-
password
string Required User password.
-
session_expires_in
integer Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days).
-
session_token
string Unique Session token to verify.
-
session_jwt
string Unique Session JWT to verify.
-
device_fingerprint
object Device fingerprinting metadata for fraud detection during verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the
Verify Token
step by matching fields in thedevice_fingerprint
such as IP, User Agent or the combination of them (more fraud detection features coming soon!)
curl \
-X POST https://api.streambird.io/v1/auth/passwords/verify \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"password":"samplepass","session_token":"4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB"}'
{
"password": "samplepass",
"session_token": "4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB"
}
{
"session": {
"id": "sess_2KF44T13b1clHEoOHpwEmTtldx5",
"user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPI",
"started_at": 1673556805,
"expires_at": 1673562817,
"last_active_at": 1673556817,
"factors": [
{
"delivery_channel": "email",
"type": "otp",
"method": {
"method_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
"method_type": "email",
"email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
"email": "sandbox@streambird.io",
"last_verified_at": 1673556805
}
},
{
"delivery_channel": "password",
"type": "password",
"method": {
"last_verified_at": 1673556817
}
}
],
"device_fingerprint": {
"user_agent": "Chrome",
"ip": ""
},
"permissions": [],
"deleted": false,
"deleted_at": 0,
"updated_at": 1673556817,
"created_at": 1673556805
},
"session_token": "4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB",
"session_jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6Imp3a18yN0Q1dU9UaFIyZHNncmFYN1dWb0VMRzRxRVgiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NzM1NjI4MTcsImh0dHBzOi8vc3RyZWFtYmlyZC5pby9qd3Qvc2Vzc2lvbiI6eyJpZCI6InNlc3NfMktGNDRUMTNiMWNsSEVvT0hwd0VtVHRsZHg1IiwidXNlcl9pZCI6ImRlOGRjM2IxLWI3ZTAtNGU3OS05MjU3LTZmNjgwZTUxOTcwYiIsInN0YXJ0ZWRfYXQiOjE2NzM1NTY4MDUsImV4cGlyZXNfYXQiOjE2NzM1NjI4MTcsImxhc3RfYWN0aXZlX2F0IjoxNjczNTU2ODE3LCJmYWN0b3JzIjpbeyJkZWxpdmVyeV9jaGFubmVsIjoiZW1haWwiLCJ0eXBlIjoib3RwIiwibWV0aG9kIjp7Im1ldGhvZF9pZCI6IjU5MzY2NTEzLWNmMzctNDE5Ni05NmY0LTI0ZGE3NTc3MjRiYSIsIm1ldGhvZF90eXBlIjoiZW1haWwiLCJlbWFpbF9pZCI6IjU5MzY2NTEzLWNmMzctNDE5Ni05NmY0LTI0ZGE3NTc3MjRiYSIsImVtYWlsIjoidGltQHN0cmVhbWJpcmQuaW8iLCJsYXN0X3ZlcmlmaWVkX2F0IjoxNjczNTU2ODA1fX0seyJkZWxpdmVyeV9jaGFubmVsIjoicGFzc3dvcmQiLCJ0eXBlIjoicGFzc3dvcmQiLCJtZXRob2QiOnsibGFzdF92ZXJpZmllZF9hdCI6MTY3MzU1NjgxN319XSwiZGV2aWNlX2ZpbmdlcnByaW50Ijp7InVzZXJfYWdlbnQiOiJDaHJvbWUiLCJpcCI6IiJ9LCJ1cGRhdGVkX2F0IjoxNjczNTU2ODE3LCJjcmVhdGVkX2F0IjoxNjczNTU2ODA1fSwiaWF0IjoxNjczNTU2ODE3LCJpc3MiOiJhcGkuc3RyZWFtYmlyZC5pby82ZTdjOWYxYi01ZTY2LTQwMGMtOTlhNy03ODM0MTFlMDNhYWMiLCJqdGkiOiJzZXNzXzJLRjQ0VDEzYjFjbEhFb09IcHdFbVR0bGR4NSIsIm5iZiI6MTY3MzU1NjgxNywic3ViIjoiZGU4ZGMzYjEtYjdlMC00ZTc5LTkyNTctNmY2ODBlNTE5NzBiIn0.ftGVnMztULiawr7XICEbKNT1KBep0XR3GHwzt-XWfz4BWSwUWEyueNUb1OVlS7wObyVZS6GvAHd2FfyJDv9LLneRzza6zuYxrZ6P52mI6zCGeyxJX95LBR5eyx-55Se_Z13cK1Lnky6xI4rm96wKvUkE3SObse9b1J7rXaZk_TF0Phss2-L53n_xTtXiDecPKe6DvnVh-AWv6pcDB4HpsMDSEiSgGo-0NNgcDNs5WuDz7W9AIOH_6DjfIghBx7RDr_S8EUkn55-w01uJjohHshTKtN2GsGgiR-mbpHum84RpakCMvXMqVURcQsjtQP7uN5qjllTXPI272QQkmGtQYg",
"user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPIb"
}