API Reference

The Process of Verification

Authentication is an essential process that ensures secure access to sensitive information and resources. When accessing online systems or accounts, it's crucial to verify the identity of users to prevent unauthorized access.

The Authentication controller is responsible for managing user authentication and session management. Its key responsibilities include:

  • Access Token Management: Provides the /auth/token endpoint to obtain access tokens based on specified grant types.
  • User Login Session: Facilitates secure user authentication through the /auth/session/login endpoint.
  • User Logout Session: Handles user logout via the /auth/session/logout endpoint, terminating sessions to enhance security.
  • Security and Integrity: Ensures secure interactions with protected resources by managing authentication processes effectively.

The authentication process involves several steps, each designed to validate user credentials and ensure that only authorized individuals can access protected resources. In this explanation, we'll outline the steps involved in authenticating yourself using our system.


Login Process

Authentication Process



1. Requesting an Access Token

  • Using the following parameters, make a request against the auth/token endpoint:
    • grant_type: Set this to client_credentials.
    • client_id: Set this to the unique client ID provided to you by Mondia.
    • client_secret: Set this to the client secret provided to you by Mondia.

This step will return the access token necessary for logging in:

  • access_token: Cef215fd5-5cb2-4d2f-8bd0-e8463ff2a500

📘 Access Token

This initial access token is referred to as the "client_credentials" token.

Expiration Time: 7 days

HTTP Method: POST

URL: https://public-gateway.aws.stg.mondia.io/api/marketplace/auth/token


2. Prepare for Login

  • Using the following parameters, make a request to the auth/session/login endpoint:
    • redirectionUrl: The portal that the user is redirected to.
    • lang: The two-letter ISO-639-1 language code (e.g., en).
    • Authorization: Set this to the access token from step 1. Send it as a request header.

After calling the login endpoint, navigate to the URL returned in the handleUrl property to start the login process. This URL redirects the user to a login page, where the user enters the cellphone number and OTP to complete the login.

  • Proceed to log in by providing the following details:
    • Provide your cellphone number (e.g., 201232389999).
    • Enter the OTP (e.g., 9999) sent to your phone.

This step will return the authorization code that is used to obtain a user ID.

  • authorization_code: Ac5c1cae1-f7fa-4dbc-80ce-48d6f43e7464

3. Obtain User ID

  • Using the following parameters, make a request to the auth/token endpoint again:
    • grant_type: Set this to authorization_code.
    • code: The authorization_code obtained from logging in.

This request will generate a User ID necessary for accessing protected resources, such as purchase, product, and payment information.

📘 Access Token

This access token is referred to as the "authorization_code" token.

Expiration Time: 7 days

HTTP Method: POST

URL: https://public-gateway.aws.stg.mondia.io/api/marketplace/auth/token
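
The three steps above as request builders, in an added example that is not Mondia's own code: it constructs the requests without sending them, tracks the 7-day expiry, and masks the client secret, authorization code and token before anything is logged. Form-encoded bodies, POST with query-string parameters for the login call, the https-only check on redirectionUrl, and all function names are assumptions not stated on this page.

```python
import time
import urllib.parse
import urllib.request

BASE = "https://public-gateway.aws.stg.mondia.io/api/marketplace"  # staging URL from the page
TOKEN_TTL = 7 * 24 * 3600          # "Expiration Time: 7 days"
SENSITIVE = {"client_secret", "code"}


def token_request(grant_type, **params):
    """Steps 1 and 3: POST to auth/token. Form encoding is an assumption."""
    if grant_type not in ("client_credentials", "authorization_code"):
        raise ValueError(f"unsupported grant_type: {grant_type!r}")
    body = urllib.parse.urlencode({"grant_type": grant_type, **params}).encode()
    return urllib.request.Request(BASE + "/auth/token", data=body, method="POST")


def login_request(access_token, redirection_url, lang="en"):
    """Step 2. POST and query-string placement are assumptions."""
    # Added check, not a documented API rule: only send users back over https.
    if urllib.parse.urlsplit(redirection_url).scheme != "https":
        raise ValueError("redirectionUrl must use https")
    if len(lang) != 2 or not (lang.isascii() and lang.isalpha()):
        raise ValueError("lang must be a two-letter ISO-639-1 code")
    query = urllib.parse.urlencode({"redirectionUrl": redirection_url, "lang": lang})
    req = urllib.request.Request(f"{BASE}/auth/session/login?{query}", method="POST")
    req.add_header("Authorization", access_token)  # header value as the page states
    return req


def is_expired(issued_at, now=None):
    """True once a token is 7 days old, so the caller requests a new one."""
    now = time.time() if now is None else now
    return now - issued_at >= TOKEN_TTL


def log_safe(req):
    """Request summary for logs with the secret, code and token masked."""
    fields = dict(urllib.parse.parse_qsl((req.data or b"").decode()))
    masked = {k: "***" if k in SENSITIVE else v for k, v in fields.items()}
    auth = "***" if req.has_header("Authorization") else None
    return {"method": req.get_method(), "url": req.full_url.split("?")[0],
            "fields": masked, "authorization": auth}
```

Pass the built request to `urllib.request.urlopen` from server-side code only, so the client secret never reaches a browser or mobile client.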