Authentication

The authentication endpoints are used to manage access to the xAPI session.

Log into the xAPI


POST /authentication/login


Sending this endpoint logs the user in and starts a new xAPI session. Two tokens are returned: the session token and a refresh token.

Payload

Required

Key Type Description
UserID string xAPI user ID defined in EPASS.
Password string User ID password.
OrganizationID string Your orginization ID.
ApplicationName string The name of your application that is accessing EPASS via the xAPI. Note: This is a freeform field that is not validated by the xAPI.

Optional

Key Type Description
BranchCode string The store branch code. Branch codes are located in EPASS at Tools > System Maintenance > Tables > Branch.
TerminalCode string The Terminal code. You can locate this code in EPASS at Tools > System Maintenance > Tables > Branch. Select the branch code, and then click Terminals.

Sample: Logging In


POST /authentication/login 
{
    "UserId": "CGN",
    "Password": "12345",
    "OrganizationId": "ACME APPLIANCE",
    "ApplicationName": "ACME WEBSTORE APP",
    "BranchCode": "001",
    "TerminalCode": "default"
}   

{
    "successful": true,
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",
    "tokenExpiry": "2022-01-25T10:03:00.2225716-08:00",
    "additionalMessages": "Login successful.",
    "refreshToken": "bHVOZAuXqkQVieTobFgAjOnqh",
    "refreshExpiry": "2022-01-25T10:03:00.2227206-08:00"
}

{
    "successful": false,
    "token": null,
    "tokenExpiry": null,
    "additionalMessages": "Invalid user or password.",
    "refreshToken": null,
    "refreshExpiry": "0001-01-01T00:00:00"
}

Refresh Your Login Tokens


PUT /authentication/tokenrefresh


This endpoint returns new session and refresh tokens.

Payload

Key Type Description
CurrentToken string Your session token.
RefreshToken string Your refresh token.

Sample: Refreshing Your Login Tokens


PUT /authentication/tokenrefresh
{
    "CurrentToken": "123456789",
    "RefreshToken": "987654321"
}

{
    "successful": true,
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ",
    "tokenExpiry": "2022-01-26T15:05:15.6413881-08:00",
    "additionalMessages": "Refresh successful.",
    "refreshToken": "IqXRYpohZhg6Zvd9DXpvcGt6N",
    "refreshExpiry": "2022-01-26T15:05:15.6415093-08:00"
}

{
    "successful": false,
    "token": null,
    "tokenExpiry": null,
    "additionalMessages": "An error occured attempting to parse the 		users session token. The message returned was: \"IDX12709: 				CanReadToken() returned false. JWT is not well formed: 					'System.String'.\nThe token needs to be in JWS or JWE Compact 			Serialization Format. (JWS): 					'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.\"",
    "refreshToken": null,
    "refreshExpiry": "0001-01-01T00:00:00"
}

Validate Your Tokens


GET /authentication/tokenvalidate


This endpoint validates your session and refresh tokens. If both tokens are valid, a confirmation message is returned.

Sample: Validating Your Tokens


POST /authentication/tokenvalidate

{
    "success": true,
    "warning": false,
    "httpStatusCode": 0,
    "generalMessage": "Token is valid.",
    "exceptionMessage": null,
    "keys": [],
    "messages": [],
    "warnings": []
}

{
    "StackTrace": null,
    "Message": "Token expired.",
    "Data": {},
    "InnerException": null,
    "HelpLink": null,
    "Source": "Establish sesssion from token.",
    "HResult": -2146233088
}

Log Out of the xAPI


DEL /authentication/logout


This endpoint logs you out of the xAPI by invalidating your tokens and ending the xAPI session.

Sample: Logging Out of the xAPI


DELETE /authentication/logout

{
    "success": true,
    "warning": false,
    "httpStatusCode": 0,
    "generalMessage": "Session was found and removed successfully.",
    "exceptionMessage": null,
    "keys": [],
    "messages": [],
    "warnings": []
}