User Authentication

API Endpoints for User Authentication

POST /create-session

The Simplio3D OpenAPI provides several endpoints for user authentication. These endpoints allow users to securely sign up, log in, and manage their authentication status.

Generate Login Token for a User

The 'Generate Login Token for a User' endpoint is a crucial part of the authentication process, as it enables the creation of a secure token that verifies a user's identity. Once a user successfully logs in with valid credentials, such as a username and password, this endpoint is responsible for generating a unique token. This token is essentially a cryptographic string that represents the user's session and is used to authenticate subsequent API requests.

When a request is made to this endpoint, the system validates the provided credentials and, upon successful verification, issues a token. This token should then be stored securely on the client side, typically in a secure location like local storage or a secure cookie, to prevent unauthorized access or exposure. For all future interactions with protected resources within the application, the client must include this token in the authorization header of their API requests.

Endpoints

Generate login token for a user

post
Authorizations
Body
idstringRequired

Configurator ID to generate the token. You can find this Configurator Encrypted ID in share module

Example: edcfrt...
domain_namestringRequired

Domain name

Example: example.com
Responses
200
Token generated successfully
application/json
post
POST /api/open-api/v1/auth/create-session HTTP/1.1
Host: app.simplio3d.com
Authorization: YOUR_API_KEY
Content-Type: multipart/form-data
Accept: */*
Content-Length: 46

{
  "id": "edcfrt...",
  "domain_name": "example.com"
}
{
  "message": "Login Successful.",
  "token": "eyJhbGciOiJIUzI1N..."
}

This method largely eliminates the need for users to repeatedly enter their credentials for every request, thereby improving both usability and security. It ensures that only authenticated users can access sensitive data and perform actions that require a verified identity. Furthermore, implementing token expiration policies and revocation capabilities enhances the system's security, as tokens can be invalidated after a certain period or upon user logout, safeguarding against improper use.

NOTE: Ensure you have the necessary authorization credentials (e.g., Bearer Token) to access this endpoint which is taken from the 'Share' tab encryption token found at the bottom of the page.

Last updated

Was this helpful?