Authentication API

This document explains how to use Authentication APIs. Authentication APIs use HTTP POST protocol and send and receive messages in JSON format.

Endpoint

Real Server : https://auth.vixco.net/v2

Test Server : https://test-auth.vixco.net/v2

API References

Authenticate

Log in using your ID and password.

Authenticate with ID and password

post
Body
userTypestringOptional

User type (store, employee, platform, customer, root)

idstringOptional

User ID

passwordstringOptional

User password

tokenstringOptional

JWT

Responses
200

Returns a JWT (JSON Web Token) for authentication

application/json
post
/auth/auth-user

  • userType is ignored. Currently it is not used.

  • You can authenticate through id and password.

  • If there is a token value, the token validity period can be extended.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

Example

Log in using your VP (Verifiable Presentation).

Login with VP

post
Body
requestIdstringOptional
Responses
200

Return JWT

application/json
post
/auth/auth-user-with-vp
200

Return JWT

  • Put the VP body in vp.

  • In case of the application's own login, requestId is not needed. requestId is required for web site login. When the web site shows the QR code through the browser, the user application reads this value, puts it in the requetId, and calls this API to log in to the web site.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

Example

The following auth-user-by-app, cancel-auth-user-by-app, and auth-user-result-by-app are provided for web site login. These APIs are used by the web server script.

Request DID login.

Request authentication via a user app

post
Body
requestIdstringOptional
waitTimeintegerOptional
Responses
200

Successful

application/json
post
/auth/auth-user-by-app
200

Successful

  • requestId is an identifier that identifies the web site. In general, you can use the site URL + "?".

  • waitTime is the maximum waiting time for login.

  • If successful, new requestId is issued. This value should be used to check if a user is logged in by the user application.

Example

Cancel the authentication request.

Cancel the authentication via a user app

post
Body
requestIdstringOptional
waitTimeintegerOptional
Responses
200

Successful

No content
post
/auth/cancel-auth-user-by-app
200

Successful

No content

  • requestId is the id you want to cancel.

  • waitTime is ignored.

Example

Check whether the login was successful.

Get the token obtained through a user app

post
Body
requestIdstringOptional
waitTimeintegerOptional
Responses
200

Return JWT

application/json
post
/auth/auth-user-result-by-app
200

Return JWT

  • requestId is the ID that checks the login success response.

  • waitTime is ignored.

  • If successful, you get a new JWT token. It also receives basic user information, such as user name, userId, telNo, and email.

  • If there is no request or the request time is old, a 400 error occurs.

  • If you're waiting for a response from your app, you'll get a 401 error.

Example

DID (Decentralized Identifier)

Create your DID.

Create DID (Decentralized Identity)

post
Body
aliasstringOptional
addressstringOptional
secretKeystringOptional
Responses
200

Returns DID

application/json
post
/did/create-did
200

Returns DID

  • alias is an alias for identifying a DID.

  • Use the address and secretKey that came out when you create the address to authenticate yourself.

Example

Create your VCs (Verifiable Credential).

Because this is the credentials used by this system, the JWT authenticated by /auth/auth-user in advance is required.

Create VC (Verifiable Claims)

post
Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Body
holderstringOptional
issuerstringOptional
tempKeystringOptional
hashKeystringOptional
Responses
200

Returns VC

application/json
post
/did/create-vc
200

Returns VC

  • holder is your issued DID.

  • issuer is the issuer DID provided by this authentication system.

  • Provides additional information to userInfo in key/value format.

  • If successful, you will get your VC.

Example

Verify the VC.

Verify VC (Verifiable Credential)

post
Body
issuerobjectOptional
Other propertiesanyOptional
Responses
200

Returns whether the validation was successful or not

application/json
post
/did/verify-vc
200

Returns whether the validation was successful or not

  • The body of the request has the VC.

  • If successful, verified is true.

Example

Create your VP (Verifiable Presentation).

Create VP (Verifiable Presentation)

post
Body
holderstringOptional
verifierstringOptional
tempKeystringOptional
hashKeystringOptional
Responses
200

Return VP

application/json
post
/did/create-vp
200

Return VP

  • holder is your DID.

  • verifier is the verifier DID provided by this authentication system.

  • credentials contains a list of VCs.

  • If succesful, your VP is created.

Example

Verify the VP

Verify VP (Verifiable Presentaton)

post
Body
proofobjectOptional
Other propertiesanyOptional
Responses
200

Returns whether the validation was successful or not

application/json
post
/did/verify-vp
200

Returns whether the validation was successful or not

  • The body of the request has the VP.

  • If successful, verified is true.

Example

List issuers and verifiers.

Get an issuer list

get
Responses
200

Returns issuers

application/json
get
/did/issuers
200

Returns issuers

Example

Get an verifier list

get
Responses
200

Returns verifiers

application/json
get
/did/verifiers
200

Returns verifiers

Examples

NextChain API

Last updated