Application-/Backend-facing API

The Application- or Backend-facing REST API is accessible only by your application's backend. It is not accessible directly from your frontend or the internet. The connection between the REST API server and the backend that issues the HTTP REST calls is authenticated and protected using mutual TLS (mTLS).

Create user

Create a new user.

URL: /users/

Method: POST

JSON Payload:

{
    "email": "<user's email address>",
    "password": "<User's password (min length = 8, max length = 32)>",
    "confirmed": true|false,
    "enabled": true|false,
    "data": {}
}

HTTP Response Status Codes:

  • 201: Created (user successfully created, User ID in response header 'X-Object-ID')
  • 400: Bad request (invalid JSON payload)
  • 409: Conflict (email address already exists)

Get user

Get a user object.

URL: /users/<ID>

Method: GET

HTTP Response Status Codes:

  • 200: OK (successful, result in response body payload)
  • 404: Not found (invalid User ID)

HTTP Response Body:

{
    "email": "<user's email address>",
    "password": "<User's password (min length = 8, max length = 32)>",
    "confirmed": true|false,
    "enabled": true|false,
    "data": {}
}

Delete user

Delete a user.

URL: /users/<ID>

Method: DELETE

HTTP Response Status Codes:

  • 204: No content (successful)
  • 404: Not found (invalid User ID)

Set email address

Set a user's email address.

URL: /users/<ID>/email

Method: PUT

JSON Payload:

{
    "email": "<user's email address>"
}

HTTP Response Status Codes:

  • 204: No content (successful)
  • 400: Bad request (invalid JSON payload)
  • 404: Not found (invalid User ID)
  • 409: Conflict (email address already exists)

Set password

Set a user's password.

URL: /users/<ID>/password

Method: PUT

JSON Payload:

{
    "password": "<user's new password>"
}

HTTP Response Status Codes:

  • 204: No content (successful)
  • 400: Bad request (invalid JSON payload)
  • 404: Not found (invalid User ID)

Disable user

Disable a user account so that the user can't log in anymore.

URL: /users/<ID>/disable

Method: PUT

HTTP Response Status Codes:

  • 204: No content (successful)
  • 404: Not found (invalid User ID)

Enable user

Enable a user account so that the user can log in.

URL: /users/<ID>/enable

Method: PUT

HTTP Response Status Codes:

  • 204: No content (successful)
  • 404: Not found (invalid User ID)

Set custom user data

Store custom JSON data in a user object.

URL: /users/<ID>/data

Method: PUT

JSON Payload:

{
    <Custom JSON data>
}

HTTP Response Status Codes:

  • 204: No content (successful)
  • 400: Bad request (invalid JSON payload)
  • 404: Not found (invalid User ID)

Get custom user data

Retrieve previously stored custom JSON data from a user object.

URL: /users/<ID>/data

Method: GET

HTTP Response Status Codes:

  • 204: No content (successful)
  • 404: Not found (invalid User ID)

HTTP Response Body:

{
    <Custom JSON data>
}

Check password

Checks if a supplied plain-text password matches the user's hashed password.

URL: /users/<ID>/checkpw

Method: POST

JSON Payload:

{
    "password": "<plain-text password>"
}

HTTP Response Status Codes:

  • 200: OK (successful)
  • 400: Bad request (invalid JSON payload)
  • 404: Not found (invalid User ID)

HTTP Response Body:

{
    "result": true|false
}
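
Backend client example (added here, not part of the original API documentation): it builds the mTLS context described in the introduction, then prepares and interprets the Create user and Check password calls using the documented paths and status codes. The function names, the host, port and certificate file arguments, the Content-Type header and the percent-encoding of the user ID are assumptions.

```python
import http.client
import json
import ssl
from urllib.parse import quote

def mtls_context(ca_file, cert_file, key_file):
    """TLS context that verifies the API server and presents a client certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)  # backend's identity for mTLS
    return ctx

def create_user_request(email, password, confirmed=False, enabled=True, data=None):
    """Build (method, path, body) for 'Create user'; reject passwords outside 8..32."""
    if not 8 <= len(password) <= 32:
        raise ValueError("password length must be between 8 and 32")
    payload = {"email": email, "password": password, "confirmed": confirmed,
               "enabled": enabled, "data": data or {}}
    return "POST", "/users/", json.dumps(payload)

def check_password_request(user_id, password):
    """Build (method, path, body) for 'Check password'."""
    # Assumption: the ID is percent-encoded so it can never alter the URL path.
    path = "/users/" + quote(str(user_id), safe="") + "/checkpw"
    return "POST", path, json.dumps({"password": password})

def interpret(operation, status, headers, body):
    """Map the documented status codes to a result or an exception."""
    if operation == "create" and status == 201:
        return headers["X-Object-ID"]              # new User ID
    if operation == "checkpw" and status == 200:
        return json.loads(body)["result"] is True  # only an explicit true counts
    errors = {400: "invalid JSON payload", 404: "invalid User ID",
              409: "email address already exists"}
    raise RuntimeError(f"{operation} failed: {status} {errors.get(status, 'unexpected status')}")

def call(host, port, ctx, operation, request):
    """Send one prepared request over the mutually authenticated connection."""
    method, path, body = request
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request(method, path, body=body, headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        return interpret(operation, resp.status, resp.headers, resp.read())
    finally:
        conn.close()
```

A login handler would call `call(host, port, ctx, "checkpw", check_password_request(user_id, password))` and treat any exception as a failed login.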