📇 Auth

This documentation provides an overview of the main functionalities provided by the Whirlprivacy.io platform, focusing on the authentication process.

POST /auth/login

Description:

Authenticates a user by verifying the signature of a previously issued challenge. Upon successful authentication, it generates a token that is used for subsequent requests that require authentication.

Parameters:

| Parameter | Type | Description | Required |
| --- | --- | --- | --- |
| authAddress | string | The blockchain address of the user | Yes |
| authSignature | string | The signature of the challenge message | Yes |
| authChallenge | string | The challenge message that was signed | Yes |

Response:

{
  "error": [],
  "result": {
    "type": "bearer",
    "token": "string",
    "expiresAt": "int"
  }
}

Error Handling:

| Error Code | Description |
| --- | --- |
| E_INVALID_OR_EXPIRED_CHALLENGE | Invalid or expired challenge |
| E_INVALID_SIGNER | The signer address does not match the provided address |
| E_INVALID_SIGN_DATA | The signature data is invalid |
| E_CREATING_USER | Error occurred while creating a new user |

Example Code:

const fetch = require('node-fetch');

const BASE_URL = 'https://api.whirlprivacy.io/';

const login = async () => {
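  // authChallenge is the challenge message that was signed, and
  // authSignature is the signature of that message for authAddress.
  const bodyData = {
    authAddress: '0x...',
    authSignature: 'string',
    authChallenge: 'string'
  };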

  try {
    const response = await fetch(`${BASE_URL}auth/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(bodyData)
    });
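    const data = await response.json();

    // A non-empty "error" array means the login was rejected (see Error Handling)
    if (Array.isArray(data.error) && data.error.length > 0) {
      console.error('Login failed:', data.error);
      return;
    }
    console.log(data.result);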
  } catch (error) {
    console.error('Error logging in:', error);
  }
};

login();

GET /auth/refresh

Description:

Refreshes a user's authentication token to extend their session without requiring them to re-authenticate.

Parameters:

No parameters are required for this endpoint as it uses the user's current authentication token for verification.

Headers:

| Header Name | Value | Description |
| --- | --- | --- |
| X-API-key | base64 | API token obtained after authentication. |

Response:

{
  "error": [],
  "result": {
    "type": "bearer",
    "token": "string",
    "expiresAt": "int"
  }
}

Error Handling:

| Error Code | Description |
| --- | --- |
| E_UNAUTHORIZED | Unauthorized access |

Example Code:

const fetch = require('node-fetch');

const BASE_URL = 'https://api.whirlprivacy.io/';
const API_KEY = 'your_api_token';

const refreshAuthToken = async () => {
  try {
    const response = await fetch(`${BASE_URL}auth/refresh`, {
      method: 'GET',
      headers: {
        'X-API-Key': API_KEY
      }
    });
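    const data = await response.json();

    // A non-empty "error" array means the refresh was rejected (see Error Handling)
    if (Array.isArray(data.error) && data.error.length > 0) {
      console.error('Token refresh failed:', data.error);
      return;
    }
    console.log(data.result);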
  } catch (error) {
    console.error('Error refreshing auth token:', error);
  }
};

refreshAuthToken();

GET /auth/challenge

Description:

Issues a challenge message containing a nonce for the user to sign with their private key. This is the first step in the authentication process.

Parameters:

No parameters are required for this endpoint.

Response:

The response returns a timestamp. The message to sign combines that timestamp with text that looks like this: "Welcome to Whirl Privacy, in order to authenticate and use the platform, you need to sign this message. Nonce:"

Signing only the timestamp without the message, or only the message without the timestamp, will not work.

{
  "error": [],
  "result": {
    "challenge": "int"
  }
}

Error Handling:

None

Example Code:

const fetch = require('node-fetch');

const BASE_URL = 'https://api.whirlprivacy.io/';

const getAuthChallenge = async () => {
  try {
    const response = await fetch(`${BASE_URL}auth/challenge`);
    const data = await response.json();

    console.log(data.result);
  } catch (error) {
    console.error('Error fetching auth challenge:', error);
  }
};

getAuthChallenge();
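
The endpoints above form one challenge-response login; the sketch below models locally the checks that the /auth/login error codes imply, including why a signature over only the nonce is rejected. It is an added example, not Whirlprivacy.io code: an Ed25519 key from Node's crypto stands in for the wallet signature because the page does not name the scheme. The names issueChallenge, makeWallet and verifyLogin, the 5-minute lifetime, the space before the nonce and the token format are all assumptions.

```javascript
const crypto = require('crypto');

// Challenge text quoted on the page; the separator before the nonce is an assumption.
const PREFIX = 'Welcome to Whirl Privacy, in order to authenticate and use the ' +
  'platform, you need to sign this message. Nonce:';
const TTL_MS = 5 * 60 * 1000; // assumed challenge lifetime (not stated on the page)
const issued = new Map();     // nonce -> issue time; each entry is single use
const messageFor = (nonce) => `${PREFIX} ${nonce}`;

function issueChallenge(now = Date.now()) {
  const nonce = String(now); // the page describes the nonce as a timestamp
  issued.set(nonce, now);
  return nonce;
}

// Stand-in wallet (assumption): Ed25519 key, base64 public key used as "address".
function makeWallet() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const address = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const sign = (text) => crypto.sign(null, Buffer.from(text), privateKey).toString('base64');
  return { address, sign };
}

// Returns the page's response envelope: { error: [], result } or { error: [code] }.
function verifyLogin({ authAddress, authSignature, authChallenge }, now = Date.now()) {
  const fail = (code) => ({ error: [code] });
  const text = String(authChallenge);
  const nonce = text.startsWith(PREFIX) ? text.slice(PREFIX.length).trim() : null;
  const issuedAt = issued.get(nonce);
  issued.delete(nonce); // consume before verifying so a captured request cannot be replayed
  if (issuedAt === undefined || now - issuedAt > TTL_MS) {
    return fail('E_INVALID_OR_EXPIRED_CHALLENGE');
  }
  const sig = Buffer.from(String(authSignature), 'base64');
  if (sig.length !== 64) return fail('E_INVALID_SIGN_DATA'); // Ed25519 signatures are 64 bytes
  let key;
  try {
    const der = Buffer.from(String(authAddress), 'base64');
    key = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  } catch (err) {
    return fail('E_INVALID_SIGN_DATA');
  }
  // Verify against the message rebuilt from the stored nonce: a signature over
  // the nonce alone, or the text alone, fails here.
  if (!crypto.verify(null, Buffer.from(messageFor(nonce)), key, sig)) {
    return fail('E_INVALID_SIGNER');
  }
  const token = crypto.randomBytes(32).toString('base64'); // opaque token; format and lifetime assumed
  return { error: [], result: { type: 'bearer', token, expiresAt: now + TTL_MS } };
}
```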
