Create an authorization with a POST request to the endpoint.
If the account has two-factor authentication enabled or "twoFactor" is specified as true, the request will fail with status code 400, but will trigger the sending of a 2FA code to the user's mobile number. The request can then be attempted again with the code. If 2FA is disabled and "twoFactor" is omitted or false, the first request will succeed. Multiple authorization tokens can be retrieved for a single account.
The post body should contain the necessary data to create the authorization as a JSON object:
{
"expiry": "2016-07-23T12:45:21Z",
"code": "ABC123",
"twoFactor": true
}The response body will contain additional or updated information:
{
"id": 123456,
"expiry": "2016-07-23T12:45:21Z",
"token": "4d14e0f406cb4066b52251d5b9bb7bee",
"user": {
"id": 123456,
"email": "[email protected]",
"mobile": "16042656073",
"firstName": "Bob",
"lastName": "Smith"
},
}Variable | Description |
|---|---|
id | A unique ID for the authorization. Used to invalidate the token. |
expiry | The expiry date of the token, in ISO 8601 format without milliseconds. If omitted, the token never expires. |
token | An authorization token that can be used in requests in place of a password or API token. |
user | The authorized user. |