User management

CREATE USER

This API can be used to do user registrations from mobile applications. You should send
request body parameters in JSON format.

Request

[POST] https://login.xecurify.com/rest/oauth/users/register

Request header:

Authorization: Basic Base64ValueOf(CLIENT_ID+”:”+CLIENT_SECRET)
Content-Type: application/json

Request Body (JSON format):

{
    "customerKey" : "1",
    "email" : "<user-email>",
    "phone" : "<mobile-number-with-country-code>",
    "firstName" : "<first-name>",
    "lastName" : "<last-name>",
    “password” : “<password>”,
    'customAttribute1' => '',
    'customAttribute2' => '',
    'customAttribute3' => '',
    'customAttribute4' => '',
    'customAttribute5' => ''
}

Response

Success Response Example:

{
    "Status":"SUCCESS",
    "txId":"f24beffc-8d6b-11e8-913b-40b03405cc4f",
    "action":"SMS",
    "message":"OTP has been sent to xxxxxxxxxxx42. Please verify your phone with OTP you received."
}

Error Response Example:

{
    "status":"FAILED",
    "message":"User already exists with this email."
}

VERIFY USER

Request

[POST] https://login.xecurify.com/rest/oauth/users/activate

Request headers:

Authorization: Basic Base64ValueOf(CLIENT_ID+”:”+CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded

Request Parameters:

{
    "txId": "Received from step (a) above",
    "otp":  "One time password received on mobile number"
}

Response

Success Response Example:

{
    "Status":"SUCCESS",
    "message":"User account is activated."
}

Error Response Example:

{
    "Status":"FAILED",
    "txId":"f24beffc-8d6b-11e8-913b-40b03405cc4f",
    "message":"Invalid One Time Passcode provided."
}

RESEND OTP

[POST] https://login.xecurify.com/rest/oauth/users/register/resendotp

Request headers:

Authorization: Basic Base64ValueOf(CLIENT_ID+”:”+CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded

Request Parameters:

txId=<Received from step (a) above>

Response

{
    "txId":"207f2ad0-da94-11e8-a05f-02b039385610",
    "action":"SMS",
    "message":"OTP has been sent to xxxxxxxxxxx42. Please verify your phone with OTP you received.","status":"SUCCESS"
}

GET USERS PROFILE

This API can be used to fetch updated profile information with access token which was assigned
to the user.

[GET] https://login.xecurify.com/rest/oauth/getuserinfo

Request header:

Authorization: Bearer <access-token-value>

Response:
User attributes JSON


RESET USER PASSWORD

This API can be used to do password reset from mobile applications. You should provide
current password and new password in API request.

Request

[POST] https://login.xecurify.com/rest/oauth/users/resetpassword

Request header:

Authorization: Bearer <access-token-value>
Content-Type: application/x-www-form-urlencoded

Request Parameters:

currentPassword=<users-current-password>&newPassword=<users-new-password>

Response

Success Response Example:

{
    "status":"​SUCCESS",
    "message":"Password has been updated for the user."
}

Error Response Example:

{
    "status":"​FAILED",
    "message":"The current password provided is not correct."
}

UPDATE USER PROFILE API

Update user profile attributes

This API can be used to update user profile attributes.

[POST] https://login.xecurify.com/rest/oauth/users/update

Request header:

Authorization: Bearer <access-token-value>
Content-Type: application/json

Request Body (JSON format):

{
    "customerKey" : "1",
    "username" : "<username>",
    "firstName" : "<first-name>",
    "lastName" : "<last-name>”,
    'customAttribute1' => '<custom-attribute-1>'
    'customAttribute2' => '<custom-attribute-2>'
    'customAttribute3' => '<custom-attribute-3>'
    'customAttribute4' => '<custom-attribute-4>'
}

Update user email with OTP verification

This API can be used to update user’s email address after verifying new email with OTP.

  1. Request for email update

     [POST] https://login.xecurify.com/rest/oauth/users/update/email

    Request header:

     Authorization: Bearer <access-token-value>
     Content-Type: application/x-www-form-urlencoded

    Request Parameters:

     newEmail=<users-new-email>

    Sample Response:

     {
         "txId":"b50dac18-9357-11e8-8ad5-40b03405cc4f",
         "message":"An OTP has been sent to txxxxxxx4@mxxxxxxxxx.in​.",
         "status":"SUCCESS"
     }
  2. Verify OTP

     [POST] https://login.xecurify.com/rest/oauth/users/update/email/verify

    Request header:

     Authorization: Bearer <access-token-value>
     Content-Type: application/x-www-form-urlencoded

    Request Parameters:

    Parameter Value
    txId transaction ID from request (1) above
    otp OTP received on new email

    Sample Response:

     {
         "message":"Email is updated successfully.",
         "status":"SUCCESS"
     }

Update user phone with OTP verification

This API can be used to update user’s phone number after verifying new phone with OTP.

  1. Request for phone update

     [POST] https://login.xecurify.com/rest/oauth/users/update/phone

    Request header:

     Authorization: Bearer <access-token-value>
     Content-Type: application/x-www-form-urlencoded

    Request Parameters:

     newPhone=<users-new-phone>

    Sample Response:

     {
         "txId":"ba5cebb9-9362-11e8-8439-40b03405cc4f",
         "message":"An OTP has been sent to xxxxxxxxxxx42.",
         "status":"SUCCESS"
     }
  2. Verify OTP

     [POST] https://login.xecurify.com/rest/oauth/users/update/phone/verify

    Request header:

     Authorization: Bearer <access-token-value>
     Content-Type: application/x-www-form-urlencoded

    Request Parameters:

    Parameter Value
    txId transaction ID from request (1) above
    otp OTP received on new phone

    Sample Response:

     {
         "message":"Phone Number is updated successfully.",
         "status":"SUCCESS"
     }

FORGOT PASSWORD API

This API can be used to reset password for the user either with PHONE or EMAIL as per users
preference.

Select Preferred method to reset password

[POST] https://login.xecurify.com/rest/oauth/users/forgotpassword

Request header:

Authorization: Basic Base64ValueOf(CLIENT_ID+”:”+CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded

Request Parameters:

Parameter Value
userName User’s email or phone
preferredMethod SMS or EMAIL

Response:

{
    "Status":"SUCCESS",
    "txId":"48c38889-8cea-11e8-ac43-40b03405cc4f",
    "action":"SMS",
    "message":"OTP has been sent to xxxxxxxxxxx42. Please verify your phone with OTP you received."
}
{
    "Status":"SUCCESS",
    "txId":"d713e03d-8cea-11e8-ac43-40b03405cc4f",
    "action":"EMAIL",
    "message":"An email has been sent to rxxxxxxx1@mxxxxxxxxx.in. Please verify your email address with the link provided."
}

Verify OTP

[POST] https://login.xecurify.com/rest/oauth/users/update/email/verify

Request header:

Authorization: Bearer <access-token-value>
Content-Type: application/x-www-form-urlencoded

Request Parameters:

Parameter Value
txId transaction ID from above request
otp OTP received on new email

Sample Response:

{
    "message":"Email is updated successfully.",
    "status":"SUCCESS"
}

Set New Password

[POST] https://login.xecurify.com/rest/oauth/users/setpassword

Request headers:

Authorization: Basic Base64ValueOf(CLIENT_ID+”:”+CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded

Request Parameters:

Parameter Value
token One time token received from Verify OTP operation above
password New password
confirmPassword Confirm password

Sample Response:

Error Sample Responses:

{
    "Status":"FAILED",
    "message":"Invalid Token Details.",
    "token" :"d713e03d-8cea-11e8-ac43-40b03405cc4f"
}
{
    "status":"FAILED",
    "message":"Password does not match the confirm password. Type both passwords again."
}

Success Sample Response:

{
    "status":"SUCCESS",
    "message":"Password has been updated for the user."
}