RESTAPI:Client id based Verification
With Client id based verification, any sender email address can be used for the services, without having to perform an email based verification process. For this, a client id has to be registered in the Cryptshare administration interface (step 0b). After registering, the REST API consumer can request Verification Tokens for arbitrary email addresses, using the registered client id. This verification token is only valid for the respective email address and the requesting client id. Please note: Using Client id based verification increases the risk of abuse, since anyone with access to the client id can use the services using any sender email address. It is therefore recommended that Client id based verification only be used if email based verification does not meet your requirements and the client id is not publicly available as in web application calls. Instead, only server-side applications or other applications where REST API calls are not easily visible via the browser's developer tools. Therefore, we recommend the client id based verification only for server applications or trusted environments. Data gained from the server application could be offered to the respective users when custom authentication mechanisms are used.
Preparation
Step A: Check availability for client id based verification
GET https://<your-url>/api/users/<email-address>/verification
You can determine which verification methods are available for a client id with the contents of the field verificationMethods. When the value clientId is contained, client id based verification can be used. If it is not contained, please register the client id in the Cryptshare Administration Interface, see the next section.
After the client id has been registered in the Cryptshare administration interface, check the availability for client id based verification again.
Step 1: Request verification token
POST https://<your-url>/api/users/<email-address>/verification/token
In order to request your verification token, send an empty JSON object { } in the request body and set the Content-Type header to application/json.
Using the verification token
Information how to use verification tokens can be found here.
Validity of the verification token
Please note: verification tokens have a limited validity and might need to be re-requested again at a later date. More information can be found here.