Details about the authentication API

Introduction

Users Auth APIs allow you to perform the activities related to Users operations.

The Users - Auth API and their functionalities are given below:

API End Point	API Functionality
GET /DisableTFA/{username}	Disables google two factor authentication
GET /users	Returns a list of all users
GET /users/{username}	Returns a specific user (filtered by their username)
GET /users/{username}/Apps	Get Apps assigned to a specific user (filtered by their username)
GET /users/{username}/EffectivePermissions	Get effective permissions assigned to a specific user
GET /users/{username}/Lock	Defines whether a user is locked or not
GET /users/{username}/Permissions	Get permissions that belong to a specific user
GET /users/{username}/Roles	Get a list of roles that belong to a specific user
GET /users/{username}/SendConfirmationEmail	Return the specific user to whom a confirmation email is sent
GET /users/{username}/Settings	Get settings that belong to a specific user
GET /users/DefaultSettings	Get a list of default settings that are set when a new user is created
GET /users/GeneralDefaultSettings	Return general default settings that are added to users when they are created
GET /users/Locked	Get a list of all blocked users
GET /users/SetRedisCache/{key}/{userid}	Set redis cache for link expiration date Note: This endpoint allows anonymous access, it does not require authentication
POST /users	Create a new user
POST /users/{username}/ChangeEmail	Changes a specific user's email
POST /users/{username}/ChangePassword	Changes a specific user's password
POST /users/DefaultSettings	Assign default settings that will be assigned when a new user is created
POST /users/GetByEmails	Get user details from an email list
POST /users/GetByUsernames	Get user details from an username list
PUT /users/{username}	Modify a specific user
PUT /users/{username}/Lock	Defines a user to be blocked
PUT /users/{username}/Permissions	Assign permissions by user name
PUT /users/{username}/ResetPassword	Allow reset the password of a specific user using an autogenerated password
PUT /users/{username}/Roles	Modify roles assigned to a specific user
PUT /users/{username}/Settings	Assign settings to a specific user
PUT /users/{username}/UnLock	Unlocks a user after a max failed login attempts or admin action
PUT /users/DefaultSettings	Modify a list of default settings assigned to a user when they are created
PUT /users/GeneralDefaultSettings	Assign general default settings that can be propagated to each user in active audience
DELETE /users/{username}	Delete a specific user
DELETE /users/{username}/Permissions	Drop permissions that belong to a specific user
DELETE /users/{username}/Roles	Remove roles belonging to a specific user
DELETE /users/DefaultSettings	Remove default settings added to a user who is created

iCG Authentication Service

iCG APIs are secured by OAuth 2.0 ROPC grant type. The external application must obtain user authorization before it executes an endpoint call incase this API chooses to use OAuth 2.0 ROPC Grant. This authorization includes the following steps:

You must first exchange the user's credentials for an access token.
The access token is an object containing information for authorizing client requests and refreshing the token itself.

The end-to-end authorization request is represented in the below diagram.

sequenceDiagram
    participant Merchant
    participant ICG (token URL)
    autonumber
    Merchant ->>ICG (token URL): Client ID, username, password
    ICG (token URL)->>Merchant: id_token, access token, refresh token

The above step is to generate access token using the iCG provided Client id and with Merchant's user credentials.

Key Request Parameters

Once you receive the Client ID, and the user credentials, the next step is call the OAuth 2.0 ROPC endpoint to generate the access token.

Element	Value
Method	POST
Authorization Type	OAuth 2.0 ROPC
Auth URI	https://auth.icheckdev.com/
Client ID	*****(iCG application audience ID)
Username	{username}
Password	{password}
grant_type	password

Sample cURL Request

curl -X POST \

--url 'https://auth.icheckdev.com/Login' \

--header 'Accept: application/json' \

--data 'grant_type=password' \

--data 'username={USERNAME}' \

--data 'password={PASSWORD}' \

--data 'client_id={iCG APPLICATION AUDIENCE ID}' \

On receiving the requests, iCG Authorization system validates all the parameters in the request and, if the request pass through the validation process, then it will generate your access token and return it in the response.

Sample Response Body

{
"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1laWQiOiJjNjFhY2JhYy02NjA4LTQ3Y2YtYWIxOS0wZWQ2YmY3NTI5MTciLCJ1bmlxdWVfbmFtZSI6IlN1c2VlbGEiLCJlbmNyeXB0ZWRfZW1haWwiOiJGcGJnZ1RqbTNkbXl2cFlWVlVZNnJzcHBDKzcweFIwWGoyeTR1Mm8rc1ZRPSIsInR5cGUiOiIiLCJpc3MiOiJodHRwczovL2F1dGguaWNoZWNrZGV2LmNvbS8iLCJhdWQiOiJmMWZhN2ZmZi05MmU0LTQxMzMtOGQxMC0zNjg2OGM0OTg3YWQiLCJleHAiOjE3MDQ5MDY1MjAsIm5iZiI6MTcwNDgyMDEyMH0.Q03E-HrXto9CBzHcC43qn2wZG5VpUV4hzIfcCuRGWu4"
"token_type":"bearer"
"expires_in":86399
}

The response parameters and their descriptions are:

Parameter	Description
access_token	The access token to be used to call the functional APIs
token_type	Bearer
expires_in	The number of seconds until the access token expires

To view our list of APIs, please visit the Auth API page.