API Reference

Learn how to access UNLOQ endpoints

POST /encryption/user

Initiates an encryption key request and sends it to the specified user's device. For the encryption key request to work, the application must have encryption keys enabled and the user must have previously authenticated to it.

POST https://api-authenticator.iwelcome.com/v1/encryption/user
Headers:
   Authorization: Bearer {your application API Key}
   Content-Type: application/json
Body parameters
  • unloq_id (integer, required) - The UnloqID of the target user. The user must have previously authenticated to the requested application.
  • email (email) - Optional. Required only when the UnloqID is not available.
  • message (string) - Optional. A message that will appear on the user's device. You can use this field to specify why you need access to the user's encryption key.
  • requester_id (integer) - Optional. Specifying this field states that the encryption key was requested by a specific UNLOQ user. The user's email and information will also appear on the device.
  • public_key (string) - Optional. A PEM-encoded RSA public key (-----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----) that the device will use to encrypt the user's encryption key.
  • generate_token (boolean) - Optional. Default is false
  • ip (IP) - Optional. The originating IP address that will be displayed on the user's device.
Result format (200 OK)
{
  "type": "api.application.approval.encryption",
  "result": {
    "unloq_id": "1234",
    "token": "abcdefg12345"
  }
}

Note: If a public_key was specified in the request body, the encryption_key field of the result is encrypted with it and base64-encoded.

Error format (4xx)
{
  "error": {
    "code": "{e.code}",
    "ns": "{e.ns}",
    "message": "{e.message}",
    "status": "{e.statusCode}"
  }
}
Notes

The first time an application requests the user's encryption key, a cryptographically secure random string is generated, with its length set by the application's encryption key size setting. The encryption key will always be the same for the account-application tuple, regardless of any deactivation process initiated by the user. Since the key is between 32 and 64 characters, it should be used in symmetric encryption (e.g. AES).
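
The key described in the Notes is a 32 to 64 character string that stays the same for the account-application tuple, while AES needs a key of exactly 16, 24 or 32 bytes. The following is an added example, not UNLOQ's own code: it derives fixed-size AES keys from that string with HKDF-SHA256 (RFC 5869), one per purpose label. The function names, the purpose labels and the sample key are assumptions constructed for illustration.

```python
import hashlib
import hmac

MIN_LEN, MAX_LEN = 32, 64  # key length range stated in the Notes above
# Constructed sample value, not a real key.
SAMPLE_KEY = "Zx4pQ9vLm2Rt7Yw1Bc8Nd5Hf3Jk6Sg0Ua4Ee9Ii2Oo7Tt5Xx"

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256: extract a PRK, then expand it."""
    hash_len = hashlib.sha256().digest_size
    if not 0 < length <= 255 * hash_len:
        raise ValueError("invalid output length")
    # Extract: an empty salt is replaced by hash_len zero bytes (RFC 5869, 2.2).
    prk = hmac.new(salt or b"\x00" * hash_len, ikm, hashlib.sha256).digest()
    # Expand: T(n) = HMAC(PRK, T(n-1) || info || n), concatenated and truncated.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_aes_key(encryption_key: str, purpose: str, bits: int = 256) -> bytes:
    """Derive a fixed-size AES key from the service's key string.

    `purpose` (hypothetical label, e.g. "files") separates subkeys so the
    long-lived string is never used directly for two different jobs.
    """
    if bits not in (128, 192, 256):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    if not MIN_LEN <= len(encryption_key) <= MAX_LEN:
        raise ValueError("key string outside the documented 32-64 characters")
    if not purpose:
        raise ValueError("purpose label must not be empty")
    return hkdf_sha256(encryption_key.encode("utf-8"), b"",
                       purpose.encode("utf-8"), bits // 8)

if __name__ == "__main__":
    # Two purposes yield two unrelated keys from the same key string.
    for label in ("files", "notes"):
        print(label, derive_aes_key(SAMPLE_KEY, label).hex())
```

Use the derived bytes as the key for an authenticated AES mode such as AES-GCM, with a fresh nonce per message.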
