RESTAPI:Email based Verification: Difference between revisions

From Cryptshare Documentation
Revision as of 16 August 2023, 15:28

With email based verification, each sender email address has to be verified separately. This ensures that the sender address used for a transfer through the REST API is valid and that its owner has authorized its use. That is important because the Cryptshare Policy set up on the server grants usage permissions and settings based on the email addresses used for a transfer.

To verify a specific sender email address, you send a verification request for that address to the Cryptshare Server (step 1). The Cryptshare Server then sends a verification email containing a verification code to the specified sender email address. This verification code then has to be sent to the Cryptshare Server via the REST API to prove that the request was authorized by the owner of the email address (step 2). When the verification code is correct, a verification token is assigned to the REST API consumer and can now be used for the different services. This verification token is only valid for the respective email address and client id.

We recommend the email based verification approach for all purposes where users want to perform actions for themselves and have access to their own email inbox, especially for web applications.

Preparation: Check availability for email based verification

GET https://<your-url>/api/users/<email-address>/verification

The field verificationMethods in the response tells you which verification methods are available for a client id. If it contains the value email, email based verification is available.

Step 1: Request verification code

POST https://<your-url>/api/users/<email-address>/verification/code/email

In the Cryptshare Administration Interface (see chapter Verification), administrators can configure the maximum number of last issued verification codes for one email address. If subsequent requests to this endpoint exceed this number, the earlier verification codes lose their validity. Verification codes also have a maximum lifetime, which is likewise configured in the Cryptshare Administration Interface. Once the configured time has passed, they can no longer be used to obtain a verification token.

Step 2: Send verification code and receive verification token

POST https://<your-url>/api/users/<email-address>/verification/token with verification code in body
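
The three calls above as a client sketch (an added example, not Cryptshare code). It stores each token under the (email, client id) pair it is valid for and shows an earlier code being rejected once later requests exceed the configured maximum. The header name X-Client-Id, the fields verificationCode and token, the 403 status and the in-memory FakeServer are assumptions made so the flow runs offline; only the paths and verificationMethods come from this page.

```python
from urllib.parse import quote
class EmailVerifier:
    """Client side of the three calls; tokens are stored per (email, client id)."""
    def __init__(self, base_url, client_id, send):
        self.base, self.client_id, self.send = base_url.rstrip("/"), client_id, send
        self.tokens = {}  # (email, client_id) -> verification token

    def _call(self, method, email, suffix="", body=None):
        # Percent-encode the address so "/" or "?" cannot leave its path segment.
        url = f"{self.base}/api/users/{quote(email, safe='@')}/verification{suffix}"
        return self.send(method, url, {"X-Client-Id": self.client_id}, body)  # header name assumed

    def email_available(self, email):
        status, data = self._call("GET", email)
        return status == 200 and "email" in data.get("verificationMethods", [])

    def request_code(self, email):
        return self._call("POST", email, "/code/email")[0] == 200

    def redeem(self, email, code):
        status, data = self._call("POST", email, "/token", {"verificationCode": code})  # field assumed
        if status != 200:
            return False  # wrong, expired or superseded code
        self.tokens[(email, self.client_id)] = data["token"]  # response field assumed
        return True

class FakeServer:
    """Constructed stand-in: keeps only the last `max_codes` codes per address."""
    def __init__(self, max_codes=2):
        self.max_codes, self.codes, self.issued = max_codes, {}, 0

    def send(self, method, url, headers, body):
        email = url.split("/api/users/")[1].split("/")[0]
        if method == "GET":
            return 200, {"verificationMethods": ["email"]}
        if url.endswith("/code/email"):
            self.issued += 1
            codes = self.codes.setdefault(email, [])
            codes.append(f"code-{self.issued}")  # the real server e-mails the code instead
            del codes[:-self.max_codes]          # earlier codes lose their validity
            return 200, {}
        ok = body["verificationCode"] in self.codes.get(email, [])
        return (200, {"token": f"tok:{email}:{headers['X-Client-Id']}"}) if ok else (403, {})

def demo():
    v = EmailVerifier("https://cryptshare.example", "client-a", FakeServer(max_codes=2).send)
    available = v.email_available("alice@example.com")
    for _ in range(3):  # third request pushes code-1 out of the valid set
        v.request_code("alice@example.com")
    return available, v.redeem("alice@example.com", "code-1"), v.redeem("alice@example.com", "code-3"), v.tokens
```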