Auth JSON API Documentation
Path | /auth/checkAvailability |
---|---|
Method | POST |
Description | Used to check if an email is in use as a Storm Dev account. |
Request Type | |
application/json
|
|
Request Format | |
{
"email": "<Email to check availability of>"
}
|
|
Response Type | |
text/plain
|
|
Responses | |
true |
The email is available and not in use as a Storm Dev account |
false |
The email is not available and is in use as a Storm Dev account |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify an email to check the availability of |
Path | /auth/login |
---|---|
Method | POST |
Description | Log in to a Storm Dev account. |
Request Type | |
application/json
|
|
Request Format | |
{
"email": "<Email of the account>",
"password": "<Password of the account>"
}
|
|
Response Type | |
application/json
|
|
Responses | |
{
"success": true,
"sessionID": "<SessionID>",
"email": "<Email>",
"fullName": "<Full Name>",
"nickName": "<Nick Name>",
"profileURL": "<URL of profile picture>",
"receiveEmails": "<true/false>",
"rank": "<DEFAULT / ADMIN / SUPER_ADMIN / OWNER>"
} |
The login was successful and the server returned the information for the account. Keep a note of the sessionID as you may need this later. |
{
"success": false,
"error": "cooldown",
"wait": "<Cooldown time to next login in milliseconds>"
} |
There have been too many login attempts within a short space of time, so you have to wait the time specified before trying to log in again. |
{
"success": false,
"error": "wrongPassword"
} |
The username or password for the account was wrong |
{
"success": false,
"error": "error"
} |
An unknown error occurred when trying to log in |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify an email for the account to login to |
402 |
The received request did not specify a password for the account to login to |
403 |
Cooldown to next login attempt |
404 |
The username or password for the account was wrong |
405 |
An unknown error occurred when trying to log in |
Path | /auth/doActivity |
---|---|
Method | POST |
Description | Tell Storm Dev the login session is active (i.e. the user is doing things) so that the account isn't logged out automatically for being idle. |
Request Type | |
application/json
|
|
Request Format | |
{
"email": "<Email of the login session>",
"sessionID": "<SessionID of the login session>"
}
|
|
Response Type | |
text/plain
|
|
Responses | |
true |
Successfully told Storm Dev the login session is active |
false |
An error occurred |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify the email of the login session |
402 |
The received request did not specify the sessionID of the login session |
403 |
There is no login session for that email (They aren't logged in) |
404 |
Invalid sessionID |
Path | /auth/loginInfo |
---|---|
Method | POST |
Description | A third-party website that uses Storm Dev logins can send the user to https://stormdev.org/login.jsp?callback=<URL of the website>, where the user logs in and is then sent back to the specified URL with the GET parameters 'email' and 'code' added. Within one minute, the website can send this request with that email and code to get the same response as /auth/login, allowing simple 3rd party logins with Storm Dev accounts. |
Request Type | |
application/json
|
|
Request Format | |
{
"email": "<Email to get the login info for>",
"code": "<One time login code provided by Storm Dev>"
}
|
|
Response Type | |
application/json
|
|
Responses | |
{
"success": false,
"error": "expired"
} |
The login code was either wrong or has expired (It's been longer than a minute since the user logged in) |
false |
An error occurred |
{
"success": false,
"error": "invalidCode"
} |
The login code was wrong |
{
"success": false,
"error": "notLoggedIn"
} |
The user has now logged out |
{
"success": true,
"sessionID": "<SessionID>",
"email": "<Email>",
"fullName": "<Full Name>",
"nickName": "<Nick Name>",
"profileURL": "<URL of profile picture>",
"receiveEmails": "<true/false>",
"rank": "<DEFAULT / ADMIN / SUPER_ADMIN / OWNER>"
} |
The server successfully retrieved and sent the login information for the account. To use Storm Dev logins securely, you should next validate the sessionID. |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify the email of the login session |
402 |
The received request did not specify the login code |
403 |
The login code expired |
404 |
Invalid login code |
405 |
The user has logged out |
Path | /auth/validateSession |
---|---|
Method | POST |
Description | Check if a login session with Storm Dev is valid |
Request Type | |
application/json
|
|
Request Format | |
{
"email": "<Email of the login session>",
"sessionID": "<SessionID of the login session>"
}
|
|
Response Type | |
text/plain
|
|
Responses | |
true |
The login session is valid |
false |
The login session is invalid |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify the email of the login session |
402 |
The received request did not specify the sessionID of the login session |
403 |
There is no login session for that email (They aren't logged in) |
404 |
Invalid sessionID |
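
An added example (not Storm Dev's own code) of how a third-party site could handle the login callback: exchange the email and code with /auth/loginInfo, then confirm the returned sessionID with /auth/validateSession before trusting it. The `API_BASE` host is an assumption, since the page does not state the API host, and `http_post`, `complete_login` and `LoginError` are hypothetical names.

```python
import json
import urllib.error
import urllib.request

# Assumption: the page does not state the API host. This value is inferred
# from the login page address and must be replaced with the real one.
API_BASE = "https://stormdev.org"


class LoginError(Exception):
    """Raised when the callback cannot be turned into a verified login."""


def http_post(path, payload):
    """POST a JSON body and return the response text, including on 4xx replies."""
    req = urllib.request.Request(
        API_BASE + path,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8", "replace")


def complete_login(email, code, post=http_post):
    """Exchange the callback's email and code, then validate the session.

    Returns the account information dict, or raises LoginError."""
    if not email or not code:
        raise LoginError("missing callback parameter")
    try:
        info = json.loads(post("/auth/loginInfo", {"email": email, "code": code}))
    except ValueError:
        raise LoginError("error") from None
    # A bare `false` body and {"success": false, ...} are both failures.
    if not isinstance(info, dict) or info.get("success") is not True:
        reason = info.get("error", "error") if isinstance(info, dict) else "error"
        raise LoginError(reason)  # documented: expired, invalidCode, notLoggedIn
    # Validate with the values the API returned, not the ones in the callback URL.
    verdict = post("/auth/validateSession",
                   {"email": info.get("email"), "sessionID": info.get("sessionID")})
    if verdict.strip() != "true":
        raise LoginError("invalidSession")
    return info
```

The callback parameters arrive in a URL the user controls, so the site's own session should be created only from the dict this function returns, and the sessionID kept server-side.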
Path | /auth/logout |
---|---|
Method | POST |
Description | Log out a Storm Dev login session. Can be done with either the SessionID or the account password. |
Request Type | |
application/json
|
|
Request Formats | |
{
"email": "<Email of the login session>",
"sessionID": "<SessionID of the login session>"
}
|
|
{
"email": "<Email of the login session>",
"password": "<Password of the login session>"
}
|
|
Response Type | |
text/plain
|
|
Responses | |
true |
Successfully logged out the login session |
false |
Failed to log out the login session |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify the email of the login session |
402 |
The received request did not specify the sessionID or password of the login session/account |
403 |
There is no login session for that email (They aren't logged in) |
404 |
Invalid sessionID or password |
404 |
An unknown error occurred when trying to log out |
Path | /auth/clientDualAuth |
---|---|
Method | POST |
Description | Used when a client wants to prove to a server or other client that it is genuinely logged into a Storm Dev login session, without sending the sessionID (because that would give the other client/server control of the session), e.g. when a game wants to join a server. The client first makes a request to /auth/clientDualAuth, which returns an AuthKey. The other client/server then has 1 minute to send a request to /auth/serverDualAuth with the AuthKey; if it is valid, it is told the same as /auth/login except without the sessionID. |
Request Type | |
application/json
|
|
Request Format | |
{
"email": "<Email of the login session>",
"sessionID": "<SessionID of the login session>"
}
|
|
Response Type | |
application/json
|
|
Responses | |
{
"success": false,
"error": "invalidSession"
} |
SessionID is wrong or there is no login session for the account (They aren't logged in) |
{
"success": true,
"authKey": "<Auth Key>"
} |
The login session is valid and the server has generated and returned an AuthKey for use with /auth/serverDualAuth |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify the email of the login session |
402 |
The received request did not specify the sessionID of the login session/account |
403 |
There is no login session for that email (They aren't logged in) |
404 |
Invalid sessionID |
Path | /auth/serverDualAuth |
---|---|
Method | POST |
Description | This is the second part of a client proving to a server or other client that it is logged in to a valid Storm Dev login session. At this point, the AuthKey returned to the client in the first stage has been sent to the server/other client, which now needs to make a request to /auth/serverDualAuth to validate it and retrieve the login information. |
Request Type | |
application/json
|
|
Request Format | |
{
"email": "<Email of the login session>",
"authKey": "<AuthKey generated by request to /auth/clientDualAuth>"
}
|
|
Response Type | |
application/json
|
|
Responses | |
{
"success": false,
"error": "invalidSession"
} |
There is no login session for the account (They aren't logged in) |
{
"success": false,
"error": "noClientRequest"
} |
There is no auth request from the client. Either it's been longer than a minute since the client made the request, or they aren't genuinely logged into a Storm Dev login session |
{
"success": false,
"error": "badAuthKey"
} |
Either the AuthKey received from the client was wrong or they aren't genuinely logged into a Storm Dev login session |
{
"success": true,
"email": "<Email>",
"fullName": "<Full Name>",
"nickName": "<Nick Name>",
"profileURL": "<URL of profile picture>",
"receiveEmails": "<true/false>",
"rank": "<DEFAULT / ADMIN / SUPER_ADMIN / OWNER>"
} |
The server successfully retrieved and sent the login information for the account. |
Errors | |
400 |
The received request was not in a JSON format |
401 |
The received request did not specify the email of the login session |
402 |
The received request did not specify the AuthKey |
403 |
There is no login session for the account (They aren't logged in) |
404 |
There is no auth request from the client. Either it's been longer than a minute since the client made the request, or they aren't genuinely logged into a Storm Dev login session |
405 |
Bad AuthKey: Either the AuthKey received from the client was wrong or they aren't genuinely logged into a Storm Dev login session |
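
The two-step exchange described for /auth/clientDualAuth and /auth/serverDualAuth, as an added example that is not Storm Dev's own code. `FakeStormDev` is a constructed in-memory stand-in that implements only the documented replies so the flow runs offline; the function names and the `post(path, body)` transport are assumptions.

```python
import json
import secrets
import time


class FakeStormDev:
    """Constructed stand-in for the two endpoints (offline demonstration only)."""

    def __init__(self, sessions, clock=time.time):
        self.sessions = sessions      # email -> sessionID of the live login
        self.pending = {}             # email -> (authKey, expiry time)
        self.clock = clock

    def post(self, path, body):
        email = body["email"]
        if email not in self.sessions:
            return json.dumps({"success": False, "error": "invalidSession"})
        if path == "/auth/clientDualAuth":
            if body["sessionID"] != self.sessions[email]:
                return json.dumps({"success": False, "error": "invalidSession"})
            key = secrets.token_urlsafe(16)
            self.pending[email] = (key, self.clock() + 60)  # one-minute window
            return json.dumps({"success": True, "authKey": key})
        # Anything else is treated as /auth/serverDualAuth.
        key, expires = self.pending.get(email, (None, 0))
        if key is None or self.clock() > expires:
            return json.dumps({"success": False, "error": "noClientRequest"})
        if not secrets.compare_digest(key, body["authKey"]):
            return json.dumps({"success": False, "error": "badAuthKey"})
        return json.dumps({"success": True, "email": email, "rank": "DEFAULT"})


def client_get_auth_key(post, email, session_id):
    """Client side: trade the sessionID for an AuthKey that is safe to hand over."""
    reply = json.loads(post("/auth/clientDualAuth",
                            {"email": email, "sessionID": session_id}))
    if reply.get("success") is not True:
        raise PermissionError(reply.get("error", "error"))
    return reply["authKey"]


def server_verify_client(post, email, auth_key):
    """Game-server side: admit the client only if Storm Dev vouches for the AuthKey."""
    reply = json.loads(post("/auth/serverDualAuth",
                            {"email": email, "authKey": auth_key}))
    if reply.get("success") is not True:
        raise PermissionError(reply.get("error", "error"))
    # Authorise on the email and rank in this reply, never on client-claimed values.
    return reply
```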