Authentication
To create a session, POST API key credentials for the appropriate ORG. The credentials can be obtained from admin under Api Keys. An email should be passed with the request, but it is not used as part of the authentication. A GET on the same URL checks the session status, and a DELETE destroys the session.
Note that API key authentication is currently limited to the Admin GraphQL schema.
Session
Create
POST https://rest.weave.io/session
{
  "uid": "---api key---",
  "password": "---api secret---",
  "credential": "ApiKey",
  "email": "admin@someorg.com"
}
Check
GET https://rest.weave.io/session
Close
DELETE https://rest.weave.io/session
User Authentication
The following is the user flow for logging in. This can be done within an application or by using a testing tool such as Insomnia to confirm and test GraphQL queries.
Step 1 - request a PIN code
Request a PIN code from the server. The email used should be a registered account email.
POST: https://rest.weave.io/user/graphql
sendVia is one of: Both | Sms | Email
mutation {
  sendPinCode(email: "xxxx@xxxx", sendVia: Both)
}
Successful response:
{
  "data": {
    "sendPinCode": true
  }
}
Step 2 - use the PIN code to get the token id and secret
Generate a fresh UUID to identify the device, and persist it so that the same UUID is sent every time. Confirm the PIN code sent via email and SMS to obtain a token ID and token secret.
POST: https://rest.weave.io/user/graphql
mutation {
  checkPinCode(email: "xxxx@xxxx", pin: "XXXXX", device: "<create a unique device UUID>", host: "CLI") {
    token
    tokenId
    result
  }
}
Successful response:
{
  "data": {
    "checkPinCode": {
      "token": "<your token secret>",
      "tokenId": "<your token uuid>",
      "result": true
    }
  }
}
Step 3 - login
Using the token ID and secret from the prior step, complete the login. This will create a long-lived device session.
POST: https://rest.weave.io/session
uid = token id
password = token secret
{
  "uid": "<token id>",
  "password": "<token secret>",
  "credential": "Token",
  "email": "<account email>"
}
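Steps 2 and 3 as an added Python example (not part of the original page): it persists the device UUID in an owner-only file, escapes user input placed in the mutation, and builds the Token session body only after a successful PIN check. It assumes the GraphQL endpoint accepts the standard {"query": ...} JSON body and reports failures under the standard "errors" key; the function names, the device-id file and the injected post callable are hypothetical.

```python
import json
import os
import uuid

GRAPHQL_URL = "https://rest.weave.io/user/graphql"
SESSION_URL = "https://rest.weave.io/session"

def load_or_create_device_id(path):
    """Return the persisted device UUID, creating it once with 0600 permissions."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path) as f:
            return str(uuid.UUID(f.read().strip()))  # rejects a corrupted file
    device = str(uuid.uuid4())
    with os.fdopen(fd, "w") as f:
        f.write(device)
    return device

def check_pin_request(email, pin, device):
    """Step 2 body (assumed {"query": ...} shape). json.dumps escapes quotes and
    backslashes so each value stays inside its GraphQL string literal."""
    q = ('mutation { checkPinCode(email: %s, pin: %s, device: %s, host: "CLI") '
         '{ token tokenId result } }'
         % (json.dumps(email), json.dumps(pin), json.dumps(device)))
    return {"query": q}

def token_session_body(response, email):
    """Step 3 body built from the step 2 response; refuses a failed PIN check."""
    if response.get("errors"):  # assumption: standard GraphQL error key
        raise ValueError("GraphQL error from checkPinCode")
    data = (response.get("data") or {}).get("checkPinCode") or {}
    if data.get("result") is not True or not data.get("token") or not data.get("tokenId"):
        raise ValueError("PIN check failed; no token issued")
    return {"uid": data["tokenId"], "password": data["token"],
            "credential": "Token", "email": email}

def login(email, pin, device_path, post):
    """post(url, body) -> parsed JSON; injected so this runs without a network."""
    device = load_or_create_device_id(device_path)
    reply = post(GRAPHQL_URL, check_pin_request(email, pin, device))
    return post(SESSION_URL, token_session_body(reply, email))

if __name__ == "__main__":
    # Constructed step 2 reply; no request is sent.
    fake = {"data": {"checkPinCode": {"token": "tok-secret", "tokenId": "tok-id", "result": True}}}
    body = token_session_body(fake, "user@example.com")
    print({**body, "password": "<redacted>"})  # never log the token secret
```

Because step 3 creates a long-lived device session, the token secret returned in step 2 deserves the same storage care as the device UUID file.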