API for User Authentication

Authentication API

Cross Identity Authentication API provides a programmable interface to authenticate users. It can be used as a standalone API to provide the identity layer on top of your existing application.

The API is targeted at developers who want to build their own end-to-end login experience and to use Cross Identity User authentication as the back-end process. Primary authentication allows you to verify username and password credentials for a user.

The third-party applications/services (for ex: custom mobile applications) can invoke this API for authentication. Once CI authenticates the user, it sends back the responses with a successful message to the app. The application can then create the session for that user and allow access to that application. 

POST /api/v1/userAuthn

Every authentication transaction starts with primary authentication which validates a user’s password credential. Authentication Policy and MFA Policy are evaluated during primary authentication to determine if the user's password is expired, an additional authentication verification is required. The transaction state of the response depends on the user's status, group memberships and assigned policies.

Request example for registered application:

Response example for registered application:

Before developers use this API, they must register the application in CI and generate the API tokens.

Registered applications

To use CI’s APIs, the applications and services must be registered with Cross Identity. 

Registered applications are the applications and/or servers that are registered in the Cross Identity IAM portal as trusted applications and have the privilege to invoke CI APIs using the valid CI API Token.

Cross Identity API tokens

Cross Identity API tokens are used to authenticate requests to CI APIs. It needs to supply a valid API token in the HTTP Authorization header with a valid token specified as the header value when invoking a CI API endpoint.