Using HTTP Requests

Other than the current flow in the SDK, you can also request for OAuth Tokens using http requests directly to Cotter's server.

You need to have either:

Cotter's Identity Token that you get from verifying user's email/phone number OR
Cotter's Event Token that you get from authenticating using Trusted Device, Biometric or Pin.

Getting Tokens using Identity Token

After successfully verifying user's email or phone number, you'll receive Cotter's Identity Token. Pass it to the body of the request under field identity_token

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H 'API_SECRET_KEY: <YOUR API SECRET KEY>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "identity_token",
  "identity_token": {                // 👈 Put Identity Token Here
    "expire_at": "1588849208",
    "identifier": "hello@gmail.com",
    "identifier_id": "e8a47aff-f520-4b8d-952b-79d36d10fb3e",
    "identifier_type": "EMAIL",
    "receiver": "<YOUR API KEY ID>",
    "signature": "21P6mXSF2x357kZGkEMQTRTn3r...",
    "timestamp": "1586257208"
  }
}' 'https://www.cotter.app/api/v0/token'

Getting Tokens using Identity Token

POST https://www.cotter.app/api/v0/token

Getting OAuth tokens using Cotter's Identity Token

Headers

Name Type Description

Name	Type	Description
API_KEY_ID	string	Your `API_KEY_ID`
API_SECRET_KEY	string	Your `API_SECRET_KEY`
Content-type	string	application/json

API_KEY_ID

string

Your API_KEY_ID

API_SECRET_KEY

string

Your API_SECRET_KEY

Content-type

string

application/json

Request Body

Name Type Description

Name	Type	Description
grant_type	string	Grant type is `identity_token`
identity_token	object	Cotter's Identity Token returned to you after successfully verifying user's email or phone number.

grant_type

string

Grant type is identity_token

identity_token

object

Cotter's Identity Token returned to you after successfully verifying user's email or phone number.

{
  "access_token": "eyJhbGciOiJFUzI1Ni...",
  "auth_method": "OTP",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJFUzI1N...",
  "refresh_token": "17:nQEk14mCp4sQs5...",
  "token_type": "Bearer"
}

Getting Tokens using Event Token

After successfully authenticating users using Trusted Devices, you will receive Cotter's Event Token. Pass it to the body of the request under field event_token

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H 'API_SECRET_KEY: <YOUR API SECRET KEY>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "event_token",
  "event_token": {                  // 👈 Put Event Token Here
    "CreatedAt": "2020-04-07T11:09:03.246703978Z",
    "DeletedAt": null,
    "ID": 264,
    "UpdatedAt": "2020-04-07T11:09:03.246703978Z",
    "approved": true,
    "client_user_id": "xyzABC123",
    "event": "LOGIN",
    "ip": "73.15.208.6",
    "issuer": "<YOUR API KEY ID>",
    "location": "San Francisco",
    "method": "TRUSTED_DEVICE",
    "new": false,
    "signature": "CLQUgAUEuMebLAEQ...",
    "timestamp": "1586257743"
  }
}' 'https://www.cotter.app/api/v0/token'

Getting Tokens using Event Token

POST https://www.cotter.app/api/v0/token

Getting OAuth tokens using Cotter's Event Token

Headers

Name Type Description

Name	Type	Description
API_KEY_ID	string	Your `API_KEY_ID`
API_SECRET_KEY	string	Your `API_SECRET_KEY`
Content-type	string	application/json

API_KEY_ID

string

Your API_KEY_ID

API_SECRET_KEY

string

Your API_SECRET_KEY

Content-type

string

application/json

Request Body

Name Type Description

Name	Type	Description
grant_type	string	Grant type is `event_token`
event_token	object	Cotter's Event Token returned to you after successfully authenticate users using Trusted Device

grant_type

string

Grant type is event_token

event_token

object

Cotter's Event Token returned to you after successfully authenticate users using Trusted Device

PreviousOlder API NextGetting the Tokens

Last updated 4 years ago