API Reference

Learn how to access UNLOQ end points

POST /token/session

When an application that implements UNLOQ (that has remote logout enabled), is unable to send the session id and its duration via the first /token call, it may use this endpoint as a backup. Either token or approval_id must be specified.

POST https://api.unloq.io/v1/token/session
Headers:
   Authorization: Bearer {your application API Key}
Body Parameters
  • token (string) - previously user-generated authentication token
  • approval_id (string) - Or previously user-generated authentication approval id
  • sid (string, required) - The session ID, generated by your application for the authenticated user.
  • duration (integer) - The number of seconds the session is considered active, before UNLOQ will consider it terminated.
Result format (200 OK)
{
  "type": "api.application.approval.session",
  "result": {}
}
Notes

Your application has at most 1 minute to send the session id, after which it will not be able to do that anymore. Once a session id was attached to the token, no other session id can be re-attached to it.

Example flow 1
  • Request user information attached to the access token (call POST /token)
  • Verify user credentials, create/update account locally
  • Generate session id and send it, by calling POST /token/session with sid and token
Example flow 2
  • Perform a POST to /authenticate with generate_token=false
  • Verify user credentials, create/update account locally
  • Generate session id and send it, by calling POST /token/session with sid and approval_id

Have a question? You can always send us an email at support@unloq.io, or contact us on chat.

For security related concerns, please visit our Security page.