Authentication

Getting apikey/apptoken

To acquire an apikey for your application, you must register your application with Epixel MLM software. Then you will get a unique apikey based on your application type.

You will use this apikey in your request's header. Here is an example:

apikey: {apikey}

This will necessary for your every use cases, that means every request's to Epixel MLM API must require have apikey.

Access and Refresh token

The Epixel MLM API uses JSON Web Tokens (JWT) to authenticate user-level access. These tokens offer a method to establish secure server-to-server authentication by transferring a compact JSON object with a signed payload of your account’s details.

When authenticating to the Epixel MLM API, there are two JWT's (refresh and access token) should be generated uniquely by a server-side application and included access token as a Bearer Token in the header of each request.

Access token has only a limited time validity. After that you need to request for new access token using the refresh token.

To get access and refresh token you must request to login endpoint with apikey in header also username and password in the request body. After successfull authentication you will get the access and refresh token for that specific user.

API Authentication

For accessing each endpoint users should have an access token. To receive this, users should authenticate by the username and password provided with the API key. By using this access token users can connect to the API end-points.

POST ‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎https://<domain>/<api prefix>/<version>/user/login/

This API endpoint will return an access and refresh token for the user.

Headers

Name	Type	Description
apikey*	string

Name

Type

Description

apikey*

string

Request Body

Name	Type	Description
username*	string
password*	string

Name

Type

Description

username*

string

password*

string

HTTP/1.1 200 OK
Content-Type: application/json

Body:
{
    "refresh": <refresh token>,
    "access": <access token>
}

Sample Code

Node

var request = require('request');
var options = {
  'method': 'POST',
  'url': '‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎https://<domain>/<api prefix>/<version>/user/login/',
  'headers': {
    'apikey': '<apikey>',
  },
  formData: {
    'username': '<username>',
    'password': '<password>'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

PHP

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎‎https://<domain>/<api prefix>/<version>/user/login/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => array('username' => '<username>','password' => '<password>'),
  CURLOPT_HTTPHEADER => array(
    "apikey: <apikey>"
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;

Error Reponses

Status

Code Error

Type Description

401

Authentication failed

The supplied authentication credentials are invalid.

401

Inactive Account

No active account found with the given credentials.

401

Access Blocked

Your account is blocked due to too many failed log-in attempts. Please try again in 10 minutes.

Token Refresh

POST ‎‎https://<domain>/<api prefix>/<version>/user/token/refresh/

This API endpoint will return a new access token for the user.

Headers

Name	Type	Description
apikey*	string	apikey

Name

Type

Description

apikey*

string

apikey

Request Body

Name	Type	Description
refresh*	string	R‎efresh Token

Name

Type

Description

refresh*

string

R‎efresh Token

HTTP/1.1 200 OK
Content-Type: application/json

Body:
{
    "access": <access token>
}

Sample code

Node

var request = require('request');
var options = {
  'method': 'POST',
  'url': '‎https://<domain>/<api prefix>/<version>/user/token/refresh/',
  'headers': {
    'apikey': '<apikey>'
  },
  formData: {
    'refresh': '<refresh token>'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

PHP

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "‎https://<domain>/<api prefix>/<version>/user/token/refresh/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => array('refresh' => '<refresh token>'),
  CURLOPT_HTTPHEADER => array(
    "apikey: <spaikey>"
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;

Error Responses

Status Code

Error Type

Field

Description

400

Validation Error

refresh

The supplied authentication credentials are invalid.

400

Validation Error

refresh

No active account found with the given credentials.

Logout

POST ‎‎https://<domain>/<api prefix>/<version>/user/logout/

This API endpoint will blacklist the refresh token generated for the user.

Headers

Name	Type	Description
apikey*	string	apikey
Authorization*	string	Authorization Bearer Token

Name

Type

Description

apikey*

string

apikey

Authorization*

string

Authorization Bearer Token

Request Body

Name	Type	Description
refresh*	string	refresh token

Name

Type

Description

refresh*

string

refresh token

HTTP/1.1 200 OK
Content-Type: application/json

Body:
{
    "status_code": 200,
    "errors": {},
    "data": {}
}

Sample code

Node

var request = require('request');
var options = {
  'method': 'POST',
  'url': '‎https://<domain>/<api prefix>/<version>/user/logout/',
  'headers': {
    'apikey': '<apikey>',
    'Authorization': 'Bearer <access token>'
  },
  formData: {
    'refresh': '<refresh token>'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

PHP

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "‎https://<domain>/<api prefix>/<version>/user/logout/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => array('refresh' => '<refresh token>'),
  CURLOPT_HTTPHEADER => array(
    "apikey: <apikey>",
    "Authorization: Bearer <access token>"
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;

Error Responses

Same error reponses of token refresh endpoint

Common Authentication Error Responses

Status Code

Error Type

Description

401

Bad Authorization Header

Missing required authorization header.

401

Bad Authorization Header

Authorization header must contain two space-delimited values.

401

Invalid Access Token

The supplied access token is invalid or expired.

PreviousIntroduction NextUser Registration

Last updated 3 years ago

Getting apikey/apptoken

Access and Refresh token

API Authentication

Login

Headers

Request Body

Sample Code

Token Refresh

Headers

Request Body

Sample code

Error Responses

Logout

Headers

Request Body

Sample code

Error Responses

Common Authentication Error Responses