Authorization
To authorize a user, follow these sequential API steps:
First step - get access token - API Reference
Obtain an access token from Auth0 by sending user credentials to the /oauth/token endpoint.
Example request payload as Form Data:
grant_type: password
username: YOUR_USER_NAME
password: YOUR_PASSWORD
audience: https://dev-mrkter.io
client_id: IuNTe8fftpw3a0KJKxsxBET8t3C6agZi
connection: Username-Password-Authentication
scope: offline_access
Example response:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImlkTGt5YjFvaEpOSUE1M29NblYtZiJ9.eyJodHRwOi8vdHlwZSI6InVzZXIiLCJodHRwOi8vZW1haWwiOiJkbWl0cnkudit2ZW5kb3JAbXJrdGVyLmlvIiwiaHR0cDovL2p0aSI6ImI4NDE1NGYyYTU3NjJjZmI2NmJkMDYzNWVkNDM3ZDFkIiwiaXNzIjoiaHR0cHM6Ly9sb2dpbi5kZXYubXJrdGVyLmlvLyIsInN1YiI6ImF1dGgwfDY1ZTk5M2M3MjllNDBlZjFjZWJmMjMwMyIsImF1ZCI6Imh0dHBzOi8vZGV2LW1ya3Rlci5pbyIsImlhdCI6MTc0MzUwNzU0MiwiZXhwIjoxNzQzNTkwMzQyLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwiZ3R5IjoicGFzc3dvcmQiLCJhenAiOiJJdU5UZThmZnRwdzNhMEtKS3hzeEJFVDh0M0M2YWdaaSJ9.poOsDK89sRJ-m1et6sM3EJgrfsgWcVRCVjl5lHwk5MO6nSLv-1KUkX5L-nG9SeFdyXWkXAyKX8s5uKSawKaPpD04rrN8Y9qSDc2USGwDb3NRhmPoY5J7wR0eqstjQlHJcq4eczxTiprNCEtYyiqgCFNPpcMB_XYQJSPbY9mQrQEf9VFoJvkr1shyvLGo-8dfN1NFJywKq6jgSH-w9AAyb8Ex2qAj4ICufPWffyAF6NoFGD5naRLe4K6_21B-nr9EMQ08c65353D0QaH2CIUDnr0HdY8bj558a9WXslqwvw4b0owMN9Pcm8E9yQckQI7uNyuE3vNvri50YYk9c7AkHA",
"refresh_token": "v1.MfXFqd6B7GKv7Lk0sQCnwqf5RvoSvPyKDS6bz0fT15wVrFlq6rYK2BIupO1t6H0_7dlpMErFOtFzjf2vEFh1jSo",
"scope": "offline_access",
"expires_in": 82800,
"token_type": "Bearer"
}
Second step - get vendor user identities - API Reference
GET https://api.dev.mrkter.io/user-identity/me/users
Retrieve the user identity and associated account information using the /user-identity/me/users endpoint.
The Authorization header must include the previously obtained access token.
Example header for request:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImlkTGt5YjFvaEpOSUE1M29NblYtZiJ9.eyJodHRwOi8vdHlwZSI6InVzZXIiLCJodHRwOi8vZW1haWwiOiJkbWl0cnkudit2ZW5kb3JAbXJrdGVyLmlvIiwiaHR0cDovL2p0aSI6ImI4NDE1NGYyYTU3NjJjZmI2NmJkMDYzNWVkNDM3ZDFkIiwiaXNzIjoiaHR0cHM6Ly9sb2dpbi5kZXYubXJrdGVyLmlvLyIsInN1YiI6ImF1dGgwfDY1ZTk5M2M3MjllNDBlZjFjZWJmMjMwMyIsImF1ZCI6Imh0dHBzOi8vZGV2LW1ya3Rlci5pbyIsImlhdCI6MTc0MzUwNzU0MiwiZXhwIjoxNzQzNTkwMzQyLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwiZ3R5IjoicGFzc3dvcmQiLCJhenAiOiJJdU5UZThmZnRwdzNhMEtKS3hzeEJFVDh0M0M2YWdaaSJ9.poOsDK89sRJ-m1et6sM3EJgrfsgWcVRCVjl5lHwk5MO6nSLv-1KUkX5L-nG9SeFdyXWkXAyKX8s5uKSawKaPpD04rrN8Y9qSDc2USGwDb3NRhmPoY5J7wR0eqstjQlHJcq4eczxTiprNCEtYyiqgCFNPpcMB_XYQJSPbY9mQrQEf9VFoJvkr1shyvLGo-8dfN1NFJywKq6jgSH-w9AAyb8Ex2qAj4ICufPWffyAF6NoFGD5naRLe4K6_21B-nr9EMQ08c65353D0QaH2CIUDnr0HdY8bj558a9WXslqwvw4b0owMN9Pcm8E9yQckQI7uNyuE3vNvri50YYk9c7AkHA
Example response:
[
{
"id": 231,
"accountId": 123,
"firstName": "John",
"lastName": "Dow",
"avatar": null,
"email": "[email protected]",
"status": "ACTIVE",
"currency": "USD",
"verifiedPhoneNumber": "+972531112233",
"notVerifiedPhoneNumber": null,
"invitedAt": "2023-03-31T12:57:53.089Z",
"accountType": "ADVERTISER",
"accountCreatedAt": "2023-03-31T12:57:53.089Z",
"companyName": "Payouts",
"inviteExpiresAt": "2023-03-31T12:57:53.089Z",
"systemRoles": [
{
"id": 0,
"name": "OWNER",
"description": "OWNER_DESCRIPTION",
"permissions": [
{
"id": 0,
"name": "VENDOR_FINANCE:READ",
"resource": "VENDOR_FINANCE",
"action": "READ"
}
]
}
],
"totpEnabled": false,
"phoneNumberAuthEnabled": false,
"location": "US",
"phoneNumberCountry": "US",
"phoneNumberCode": "972",
"isEmailVerified": true,
"isPasswordSetForInvitedUser": true
}
]
Third step - request auth confirmation code by SMS - API Reference
POST https://api.dev.mrkter.io/verification/sms
Request an SMS verification code by sending the user’s phone number to the /verification/sms endpoint.
Example request payload:
{
"phoneNumber": "+972531112233"
}
Last step - validate code from SMS - API Reference
POST https://api.dev.mrkter.io/auth/mfa/phone-number/authenticate
Validate the SMS code using the /auth/mfa/phone-number/authenticate endpoint. Include both the Authorization header and the x-account-id header, whose value is the accountId from the second step's response.
Example request payload:
{
"code": "123456"
}
Example response:
e2OyFXDwyyKH1iRyOsvb2x7qFrceUXq4
The response from the last step (above) contains the session ID. You must provide this value in the x-session-id header on the next steps.
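The four steps above as one client function, added here as an example and not taken from the API's own reference or SDK. The token_url parameter, the injectable send transport, the rule for picking an identity, the headers sent in the third step and the extra headers returned next to x-session-id are assumptions; the form fields should be read from the environment or a secret store rather than written into source.

```python
import json
import urllib.parse
import urllib.request

API = "https://api.dev.mrkter.io"  # API host used on this page


def http_send(method, url, headers, body):
    """Default transport: one HTTPS request, response body returned as text."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


def authorize(token_url, form, read_code, send=http_send):
    """Run the four steps; return the headers to send on later API calls.

    token_url is the full Auth0 /oauth/token URL (assumption: the page gives
    only the path); read_code() returns the SMS code the user received.
    """
    # Step 1: password grant, sent as form data.
    tok = json.loads(send("POST", token_url,
                          {"Content-Type": "application/x-www-form-urlencoded"},
                          urllib.parse.urlencode(form).encode()))
    if tok.get("token_type") != "Bearer" or not tok.get("access_token"):
        raise ValueError("unexpected token response")
    auth = {"Authorization": "Bearer " + tok["access_token"]}

    # Step 2: identities for this login. Taking the first ACTIVE one with a
    # verified phone number is this example's choice, not a documented rule.
    users = json.loads(send("GET", API + "/user-identity/me/users", auth, None))
    user = next((u for u in users if u.get("status") == "ACTIVE"
                 and u.get("verifiedPhoneNumber")), None)
    if user is None:
        raise ValueError("no active identity with a verified phone number")
    scoped = {**auth, "x-account-id": str(user["accountId"]),
              "Content-Type": "application/json"}

    # Step 3: request the SMS code. The page lists no headers for this call;
    # sending the same headers as step 4 is an assumption.
    send("POST", API + "/verification/sms", scoped,
         json.dumps({"phoneNumber": user["verifiedPhoneNumber"]}).encode())

    # Step 4: exchange the code for the session ID (plain-text body on the page).
    session = send("POST", API + "/auth/mfa/phone-number/authenticate", scoped,
                   json.dumps({"code": read_code()}).encode()).strip().strip('"')
    if not session:
        raise ValueError("empty session ID")
    return {**auth, "x-account-id": scoped["x-account-id"], "x-session-id": session}
```

Passing a fake send callable lets the flow be exercised without network access or real credentials.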
