📇 Auth

This documentation provides an overview of the main functionalities provided by the Whirlprivacy.io platform, focusing on the authentication process.

POST /auth/login

Description:

Authenticates a user by verifying the signature of a previously issued challenge. Upon successful authentication, it generates a token that is used for subsequent requests that require authentication.

Parameters:

| Parameter | Type | Description | Required |
| --- | --- | --- | --- |
| authAddress | string | The blockchain address of the user | Yes |
| authSignature | string | The signature of the challenge message | Yes |
| authChallenge | string | The challenge message that was signed | Yes |

Response:

{
  "error": [],
  "result": {
    "type": "bearer",
    "token": "string",
    "expiresAt": "int"
  }
}

Error Handling:

| Error Code | Description |
| --- | --- |
| E_INVALID_OR_EXPIRED_CHALLENGE | Invalid or expired challenge |
| E_INVALID_SIGNER | The signer address does not match the provided address |
| E_INVALID_SIGN_DATA | The signature data is invalid |
| E_CREATING_USER | Error occurred while creating a new user |

Example Code:

const fetch = require('node-fetch');

const BASE_URL = 'https://api.whirlprivacy.io/';

const login = async () => {
  const bodyData = {
    authAddress: '0x...',
    authSignature: 'string',
    authChallenge: 'string'
  };

  try {
    const response = await fetch(`${BASE_URL}auth/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(bodyData)
    });
    const data = await response.json();

    console.log(data.result);
  } catch (error) {
    console.error('Error logging in:', error);
  }
};

login();

GET /auth/refresh

Description:

Refreshes a user's authentication token to extend their session without requiring them to re-authenticate.

Parameters:

No parameters are required for this endpoint as it uses the user's current authentication token for verification.

Headers:

| Header Name | Value | Description |
| --- | --- | --- |
| X-API-key | base64 | API token obtained after authentication. |

Response:

{
  "error": [],
  "result": {
    "type": "bearer",
    "token": "string",
    "expiresAt": "int"
  }
}

Error Handling:

| Error Code | Description |
| --- | --- |
| E_UNAUTHORIZED | Unauthorized access |

Example Code:

const fetch = require('node-fetch');

const BASE_URL = 'https://api.whirlprivacy.io/';
const API_KEY = 'your_api_token';

const refreshAuthToken = async () => {
  try {
    const response = await fetch(`${BASE_URL}auth/refresh`, {
      method: 'GET',
      headers: {
        'X-API-Key': API_KEY
      }
    });
    const data = await response.json();

    console.log(data.result);
  } catch (error) {
    console.error('Error refreshing auth token:', error);
  }
};

refreshAuthToken();

GET /auth/challenge

Description:

Issues a challenge message containing a nonce for the user to sign with their private key. This is the first step in the authentication process.

Parameters:

No parameters are required for this endpoint.

Response:

The response contains a timestamp. In addition to the timestamp, you must sign a message that looks like this: "Welcome to Whirl Privacy, in order to authenticate and use the platform, you need to sign this message. Nonce:"

Authentication fails if you sign only the timestamp without the message, or only the message without the timestamp.

{
  "error": [],
  "result": {
    "challenge": "int"
  }
}

Error Handling:

None

Example Code:

const fetch = require('node-fetch');

const BASE_URL = 'https://api.whirlprivacy.io/';

const getAuthChallenge = async () => {
  try {
    const response = await fetch(`${BASE_URL}auth/challenge`);
    const data = await response.json();

    console.log(data.result);
  } catch (error) {
    console.error('Error fetching auth challenge:', error);
  }
};

getAuthChallenge();
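
The three endpoints above form one flow: challenge, sign, login, then refresh. The following is an added example, not Whirlprivacy's own code, that chains them with the transport and the wallet signer injected (`fetchImpl` and `signMessage` are hypothetical parameters) and retries once when the challenge has expired. It assumes the nonce follows "Nonce:" after one space, that the `error` array holds the error-code strings, and that `expiresAt` is a Unix timestamp in seconds.

```javascript
// Added example (not Whirlprivacy code): challenge -> sign -> login -> refresh.
const BASE_URL = 'https://api.whirlprivacy.io/';
const PREFIX = 'Welcome to Whirl Privacy, in order to authenticate and use ' +
  'the platform, you need to sign this message. Nonce:';
// Endpoints answer { error: [], result: {...} }; a non-empty error array is a
// failure. ASSUMPTION: the array holds the error-code strings listed above.
function unwrap(envelope) {
  const ok = envelope && Array.isArray(envelope.error);
  if (ok && envelope.error.length === 0) return envelope.result;
  throw Object.assign(new Error('API call failed'), { codes: ok ? envelope.error : [] });
}

async function call(fetchImpl, path, options) {
  const response = await fetchImpl(`${BASE_URL}${path}`, options);
  return unwrap(await response.json());
}

async function login(fetchImpl, signMessage, authAddress) {
  const { challenge } = await call(fetchImpl, 'auth/challenge');
  // ASSUMPTION: nonce follows "Nonce:" after one space; sign text and nonce together.
  const authChallenge = `${PREFIX} ${challenge}`;
  const authSignature = await signMessage(authChallenge);
  return call(fetchImpl, 'auth/login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ authAddress, authSignature, authChallenge }),
  });
}

// A challenge can expire between issue and login: retry once, other codes rethrow.
async function loginWithRetry(fetchImpl, signMessage, authAddress) {
  try {
    return await login(fetchImpl, signMessage, authAddress);
  } catch (err) {
    if (!(err.codes || []).includes('E_INVALID_OR_EXPIRED_CHALLENGE')) throw err;
    return login(fetchImpl, signMessage, authAddress);
  }
}

// ASSUMPTION: expiresAt is a Unix timestamp in seconds.
function needsRefresh(session, nowSeconds, marginSeconds = 60) {
  return session.expiresAt - nowSeconds <= marginSeconds;
}
// Refresh shortly before expiry, presenting the current token as X-API-Key.
async function freshSession(fetchImpl, session, nowSeconds) {
  if (!needsRefresh(session, nowSeconds)) return session;
  return call(fetchImpl, 'auth/refresh', { headers: { 'X-API-Key': session.token } });
}
```

In practice `fetchImpl` would be `fetch` and `signMessage` would wrap the wallet's message-signing call for `authAddress`.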
