Authentication

Access token validation and legacy password login.

Access token validation

POST

https://api.funnelflux.pro/v1

/auth/validate

This endpoint will validate your current access token and reissue if it has expired (provided a refresh token is present).

A valid access token must be passed in the Bearer Authorization header (an expired access token is still valid)
Access tokens have an automatic expiry of 72 hours. Refresh tokens may expire or become invalid due to Auth0 limitations and tenant policy, and excessive refresh token issuing can invalidate older tokens.
If the access token is still valid, the response will return the current details and expiry
If the access token has expired and no refresh token is provided, the API will return 401
If receiving a 401 for an expired access token, pass refresh_token and the API will return an updated access token and expiry when the refresh token is still valid. If refresh fails, prompt for reauthorization.
It is your responsibility to programmatically store and update your temporary access tokens. Long-lived access tokens are not issued for security purposes

Access token validation › Request Body

refresh_token

string

Refresh Token. Only needed when a token is expired.

Example: xzjQT79U85k92jhE0CZjm....

Access token validation › Responses

Response will be a JSON object containing an access token and refresh token. You can ignore any other information in the response as this is not necessary for API usage.

Example response for valid access token:

Code
{
    "tokens":
    {
        "access_token": "value_here",
        "expires_at": 1656045319
    },
    "user":
    {
        "user_id": "auth0|XXX",
        "permissions": [
            "lumetric:access"
        ]
    }
}

Example response for expired access token + valid refresh token -> issues new access token

Code
{
    "tokens": {
        "access_token": "UPDATED_VALUE",
        "refresh_token": "VALUE", //not changed
        "expires_at": 1656091322 //new access token expiry
    },
    "user": {
        ...
    }
}

Example response for expired access token with no refresh token passed in body

This will not give a 200 response -- will return a 400 bad request error.

Code
{
    "error": "token is expired"
}

object

POST

https://api.funnelflux.pro/v1

/auth/login

NOTE: Avoid using this method. Rather, please log in normally and retrieve an access and refresh token via our UI. Only use this endpoint if you need to programmatically generate a new access/refresh token and do not currently have one, and for some reason cannot log in via the UI.

username

string · required

Your login username

Example: bob@smith.com

password

string · required

Your password

Example: s0me_super_un1que_pa$$word

issue_refresh_token

boolean · required

Optional flag to return a refresh token in response

Default: true

Response will be a JSON object containing an access token and refresh token. You can ignore any other information in the response as this is not necessary for API usage.

Example response for valid login

Code
{
    "tokens": {
        "access_token": "VALUE",
        "id_token": "VALUE", //ignore, not used for API requests
        "refresh_token": "VALUE",
        "expires_at": 1656091322 //access token expiry
    },
    "user": {
        "user_id": "auth0|XXXXXX", //your user ID in our system
        "permissions": [
            "lumetric:access"
        ],
        "email": "test@funnelflux.com",
        "email_verified": true,
        "name": "FunnelFlux Test User",
        "nickname": "test",
        "picture_url": "SOME_URL",
        "updated_at": 1655832122
    }
}

object

POST/auth/login

curl --request POST \
  --url https://api.funnelflux.pro/v1/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "username": "bob@smith.com",
  "password": "s0me_super_un1que_pa$$word",
  "issue_refresh_token": true
}
'

Example Request Body

{
  "username": "bob@smith.com",
  "password": "s0me_super_un1que_pa$$word",
  "issue_refresh_token": true
}

json

Example Responses

{
  "tokens": {
    "access_token": "access_token",
    "id_token": "id_token",
    "refresh_token": "refresh_token",
    "expires_at": "expires_at"
  },
  "user": {
    "user_id": "user_id",
    "permissions": "permissions",
    "email": "email",
    "email_verified": "email_verified",
    "name": "name",
    "nickname": "nickname",
    "picture_url": "picture_url",
    "updated_at": "updated_at"
  }
}

json

application/json

Access token validation

POST

https://api.funnelflux.pro/v1

/auth/validate

This endpoint will validate your current access token and reissue if it has expired (provided a refresh token is present).

A valid access token must be passed in the Bearer Authorization header (an expired access token is still valid)
Access tokens have an automatic expiry of 72 hours. Refresh tokens may expire or become invalid due to Auth0 limitations and tenant policy, and excessive refresh token issuing can invalidate older tokens.
If the access token is still valid, the response will return the current details and expiry
If the access token has expired and no refresh token is provided, the API will return 401
If receiving a 401 for an expired access token, pass refresh_token and the API will return an updated access token and expiry when the refresh token is still valid. If refresh fails, prompt for reauthorization.
It is your responsibility to programmatically store and update your temporary access tokens. Long-lived access tokens are not issued for security purposes

Access token validation › Request Body

refresh_token

string

Refresh Token. Only needed when a token is expired.

Example: xzjQT79U85k92jhE0CZjm....

Access token validation › Responses

Response will be a JSON object containing an access token and refresh token. You can ignore any other information in the response as this is not necessary for API usage.

Example response for valid access token:

Code
{
    "tokens":
    {
        "access_token": "value_here",
        "expires_at": 1656045319
    },
    "user":
    {
        "user_id": "auth0|XXX",
        "permissions": [
            "lumetric:access"
        ]
    }
}

Example response for expired access token + valid refresh token -> issues new access token

Code
{
    "tokens": {
        "access_token": "UPDATED_VALUE",
        "refresh_token": "VALUE", //not changed
        "expires_at": 1656091322 //new access token expiry
    },
    "user": {
        ...
    }
}

Example response for expired access token with no refresh token passed in body

This will not give a 200 response -- will return a 400 bad request error.

Code
{
    "error": "token is expired"
}

object

Password-based login (legacy)

POST

https://api.funnelflux.pro/v1

/auth/login

username

string · required

Your login username

Example: bob@smith.com

password

string · required

Your password

Example: s0me_super_un1que_pa$$word

issue_refresh_token

boolean · required

Optional flag to return a refresh token in response

Default: true

Response will be a JSON object containing an access token and refresh token. You can ignore any other information in the response as this is not necessary for API usage.

Example response for valid login

Code
{
    "tokens": {
        "access_token": "VALUE",
        "id_token": "VALUE", //ignore, not used for API requests
        "refresh_token": "VALUE",
        "expires_at": 1656091322 //access token expiry
    },
    "user": {
        "user_id": "auth0|XXXXXX", //your user ID in our system
        "permissions": [
            "lumetric:access"
        ],
        "email": "test@funnelflux.com",
        "email_verified": true,
        "name": "FunnelFlux Test User",
        "nickname": "test",
        "picture_url": "SOME_URL",
        "updated_at": 1655832122
    }
}

object

Authentication

Access token validation

Access token validation › Request Body

Access token validation › Responses

Example response for valid access token:

Example response for expired access token + valid refresh token -> issues new access token

Example response for expired access token with no refresh token passed in body

Password-based login (legacy)

Password-based login (legacy) › Request Body

Password-based login (legacy) › Responses

Example response for valid login

Authentication

Access token validation

Access token validation › Request Body

Access token validation › Responses

Example response for valid access token:

Example response for expired access token + valid refresh token -> issues new access token

Example response for expired access token with no refresh token passed in body

Password-based login (legacy)

Password-based login (legacy) › Request Body

Password-based login (legacy) › Responses

Example response for valid login