RESTAPI:Client id based Verification

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche

With Client id based verification, any sender email address can be used for the services, without having to perform an email based verification process. For this, a client id has to be registered in the Cryptshare administration interface (step 0b). After registering the REST API consumer can request a verification token for a specific email address (step 1). This verification token is only valid for the respective email address and the requesting client id. The same client id can request verification tokens for different email addresses that only work together as the email address and verification token pair. Please note: Using Client id based verification increases the risk of abuse, since anyone with access to the client id can use the services using any sender email address. It is therefore recommended that Client id based verification only be used if email based verification does not meet your requirements and the client id is not publicly available as in web application calls. Instead, only server-side applications or other applications where REST API calls are not easily visible via the browser's developer tools. Therefore, we recommend the client id based verification only for server applications or trusted environments. Data gained from the server application could be offered to the respective users when custom authentication mechanisms are used.


Step A: Check availability for client id based verification

GET https://<your-url>/api/users/<email-address>/verification

You can determine which verification methods are available for a client id with the contents of the field verificationMethods. When the value clientId is contained, client id based verification can be used. If it is not contained, please register the client id in the Cryptshare Administration Interface, see the next section.

Step B: Register client id in Cryptshare administration interface

Rest api client id.png

After the client id has been registered in the Cryptshare administration interface, check the availability for client id based verification again.

Step 1: Request verification token

POST https://<your-url>/api/users/<email-address>/verification/token

In order to request your verification token, send an empty JSON object { } in the request body and set the Content-Type header to application/json.