Email + Password Login API
During an email + password login API call, different results are returned depending on the configuration. A successful call returns the user's session_token; if password expiration check or secondary authentication is enabled, a state_token is returned; failures return error information.
Request Description
Request Headers
| Parameter Name | Name | Required | Type | Description |
|---|---|---|---|---|
| X-operating-sys-version | Caller operating system version | Yes | String | windows10.1.1 |
| X-device-fingerprint | Caller device fingerprint | Yes | String | 156aysdna213sc50 |
| X-device-ip | Caller IP | No | String | 192.168.1.2 |
| X-agent | User-Agent information | Yes | String | Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) AppleWebKit/605.1.15(KHTML, like Gecko) Mobile/15E148/HuaWei-AnyOffice/2.6.1802.0010/com.huawei.cloudlink.workplace |
| X-L | Used for internationalization language setting | No | String | zh |
| X-client-id | Application authorization ID | Yes | String | nTo1eRIub60vPb54WeE6aojPwYwImtl4 |
Request Example
json
{
"email":"zhangsan@qq.com",
"password":"123456"
}Request Parameters
| Parameter Name | Name | Required | Type | Description |
|---|---|---|---|---|
| Yes | String | |||
| password | Password | Yes | String | Password |
Response Examples
Success Example 1 (User matched, returns session_token)
HTTP/1.1 200 OK
json
{
"session_token": "btsiBjx85prcZu6I6Ki057Tmw3nSF2VO",
"expire": 604800,
"status": "SUCCESS",
"id_token": "eyJraWQiOiJrMSIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJJc3N1ZXIiLCJhdWQiOiJBdWRpZW5jZSIsImV4cCI6MTY1MzQ4NDQxMiwianRpIjoieUxSVGZXY1VkYk9PeUFpbHdZU0ZqZyIsImlhdCI6MTY1MzQ2NjQxMiwibmJmIjoxNjUzNDY2MjkyLCJzdWIiOiJzdWJqZWN0IiwiYXBpIjoie1wibmFtZVwiOlwiXCIsXCJtb2JpbGVcIjpcIis4Ni0xNTkwNzEzMjg1MlwiLFwiaWRcIjpcIjIwMjIwNDI1MTQwMTM4NTE5LUJGMUItNTI4QjA1NTFCXCIsXCJ1c2VyTmFtZVwiOlwibG91eGlcIixcImVtYWlsXCI6XCIxMUBxcS5jb21cIn0ifQ.al79knH1fKa4aT4AFr_FMjqBKu2pV_g-lKzzgHzmor5X-dHwSBUtjH38KOzjIqHvkcRMjXQuBnWmjRI7-0Djn2LuWVueaf3wRXLscCWiSDC7chjUyTRXMatYINxdvW-oSWFYGFqqbdsavLqOnvehd7ahEaTuiL9yZolvslZIkIxjxBJJu7A9Ln2sk3wf9pxXU83jIJ8ubPQBoVS-ilerTTJOKDZ9XsL2ftJsaqdTJK_mYbvKaVpLIVyHHJ2NcF6f-Al4N4kc8cgxtSgSKFDcR7Bz7dYlOcfUXCPAzJ3NZInm8UaksiWU02tvlvTRvRdoxZNnvD5vamZ5hjFc-cW5jA"
}Success Example 2 (Password expiring soon flow)
HTTP/1.1 200 OK
json
{
"status": "PASSWORD_WARN",
"state_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcIjIwMjIwMjExMTY0NDUwNjk5LTE2M0QtNTVFMEI1RTRCXCIsXCJzdGF0dXNcIjpcIlBBU1NXT1JEX0VYUElSRURcIn0iLCJleHAiOjE2NDQ1NzEzNjAsImlhdCI6MTY0NDU2OTU2MCwianRpIjoiMTY0NDU2OTU2MDIwNDAifQ.WGk9GGQGmKsmo4UmCzKfiC9x1Fj0WBowdO7jEStMvB4",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^.{8,18}$\",\"tip\":\"Password length must be between 8 and 18\",\"verifyTypes\":{\"PWD\":null,\"MOBILE\":\"+86-130****1234\",\"EMAIL\":\"****@qq.com\"}}"
}Success Example 3 (Password expired flow)
HTTP/1.1 200 OK
json
{
"status": "PASSWORD_EXPIRED",
"state_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWJqZ3QiOiJ7XCJzdGF0ZVwiOlwiUEFTU1dPUkRfV0FSTlwiLFwidXNlcklkXCI6XCIyMDIxMDcyNjE3NDA1ODE0NS05MUJDLTEzRTAxNEFCQlwifSIsImlkIjoiMjAyMTA3MjYxNzQwNTgxNDUtOTFCQy0xM0UwMTRBQkIiLCJleHAiOjE2MjQ3MTkwLCJpYXQiOjE2MjQ2ODg0NjU5MH0.-egHWNfNPIxNnM540_wTYMtFwB4C9ymznEPRiIC4we0",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^.{8,18}$\",\"tip\":\"Password length must be between 8 and 18\",\"verifyTypes\":{\"PWD\":null,\"MOBILE\":\"+86-130****1234\",\"EMAIL\":\"****@qq.com\"}}"
}Success Example 4 (Secondary authentication flow)
HTTP/1.1 200 OK
json
{
"status": "MFA_AUTH",
"state_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWJqZ3QiOiJ7XCJzdGF0ZVwiOlwiUEFTU1dPUkRfV0FSTlwiLFwidXNlcklkXCI6XCIyMDIxMDcyNjE3NDA1ODE0NS05MUJDLTEzRTAxNEFCQlwifSIsImlkIjoiMjAyMTA3MjYxNzQwNTgxNDUtOTFCQy0xM0UwMTRBQkIiLCJleHAiOjE2MjQ3MTkwLCJpYXQiOjE2MjQ2ODg0NjU5MH0.-egHWNfNPIxNnM540_wTYMtFwB4C9ymznEPRiIC4we0",
"data": "[\"SMS\",\"EMAIL\"]"
}Success Example 5 (Access denied flow)
HTTP/1.1 200 OK
json
{
"status": "ACCESS_DENIED",
"state_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWJqZ3QiOiJ7XCJzdGF0ZVwiOlwiUEFTU1dPUkRfV0FSTlwiLFwidXNlcklkXCI6XCIyMDIxMDcyNjE3NDA1ODE0NS05MUJDLTEzRTAxNEFCQlwifSIsImlkIjoiMjAyMTA3MjYxNzQwNTgxNDUtOTFCQy0xM0UwMTRBQkIiLCJleHAiOjE2MjQ3MTkwLCJpYXQiOjE2MjQ2ODg0NjU5MH0.-egHWNfNPIxNnM540_wTYMtFwB4C9ymznEPRiIC4we0",
"data": "Access denied"
}Error Example
HTTP/1.1 400 Bad Request
json
{
"error_code": "SDK.COMMON.1001",
"error_msg": "Parameter X-client-id cannot be left blank."
}Response Parameters
| Parameter Name | Name | Type | Description |
|---|---|---|---|
| status | Login flow status identifier | String | Possible values for this field: |
| expire | session_token validity period | Number | Validity period of session_token; within this period, session_token can be used to obtain a ticket |
| session_token | User session_token | String | User session_token; this token can be used to call BambooCloud IDaaS APIs to obtain a ticket, which can be exchanged for user information |
| state_token | User state token | String | Token carrying user state |
| data | Response description | String | Response description |
| id_token | Short-term valid interface call credential | String | This field is a JWT containing user information and the application's scope information; it must be verified and parsed. Default validity is 2 hours and is configurable |