Assemble Developer Portal

API docs by Redocly

Authentication (3.0)

Download OpenAPI specification:Download

This documentation describes how to authenticate with Assemble API using JSON Web Tokens.

Click here to view the JWT authentication guide.

Authentication

Generate pre-authentication token

Generate a pre-authentication token.

A pre-authentication token is a temporary token which is generated from a set of credentials and can then be used to generate a JSON Web Token using the /auth/api/token endpoint.

Request Body schema: application/json
email
required
string <email>

Email address of the user you are trying to authenticate

password
required
string

Password of the user are you trying to authenticate

Responses

Response Schema: application/json
token
required
string

The pre-authentication token

expires_at
required
string <date-time>

Date and time the pre-authentication token will expire

two_factor
required
string or null
Enum: "email" "sms" "auth_app" "magic_link"

Two factor authentication method

Request samples

Content type
application/json
{
  • "email": "john@example.com",
  • "password": "SuperSecurePassword123"
}

Response samples

Content type
application/json
{
  • "token": "string",
  • "expires_at": "2017-07-21T17:32:28Z",
  • "two_factor": "email"
}

Creating JSON Web Token

Create a JSON Web Token which can be used to access authenticated endpoints.

In order to generate a JSON Web Token, you must first generate a pre-authentication token.

Request Body schema: application/json
token
required
string

Pre-authentication token

minimal
boolean

Determine if we should generate a minimal version of the JWT token

key
string or null

Two factor authentication key generated from the users two factor method

Responses

Response Schema: application/json
token
required
string

JSON Web Token

Request samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZGlzcGxheV9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.Boca2nntRviOO8IdiP4CZPnMmwZZ5be4Zoen60PswDo",
  • "minimal": true,
  • "key": "369741"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZGlzcGxheV9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.Boca2nntRviOO8IdiP4CZPnMmwZZ5be4Zoen60PswDo"
}

Refresh JSON Web Token

Refresh an existing JSON Web Token.

Your JSON Web Token should be sent in the body of the request.

You cannot refresh a JSON Web Token more than once. If your JSON Web Token becomes blacklisted, you will need to generate a new pre-authentication token and JSON web token.

Authorizations:
JWT
Request Body schema: application/json
token
required
string

Expired JSON Web Token

minimal
boolean

Determine if we should generate a minimal version of the JWT token

Responses

Response Schema: application/json
token
string

JSON Web Token

Request samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZGlzcGxheV9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.Boca2nntRviOO8IdiP4CZPnMmwZZ5be4Zoen60PswDo",
  • "minimal": true
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZGlzcGxheV9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.Boca2nntRviOO8IdiP4CZPnMmwZZ5be4Zoen60PswDo"
}