Authentication

Last updated 1 day ago

Login (if required) and continue to the requested action

get

Renders a dynamic login page. If the user is already authenticated, proceeds directly to the requested action with provided parameters. Used as an entry point for browser-based, context-aware authentication and routing.

Query parameters

actionstringRequired

The action to continue to after login (e.g., frontdoorUrl)

paramsstringRequired

Comma-separated key:value pairs for action context (e.g., targetOrg:myorg,other:val)

Responses

200

HTML page for login and continuation.

get

GET /sfp/api/auth/continue?action=text&params=text HTTP/1.1
Host: 
Accept: */*

200

HTML page for login and continuation.

No content

post

Authenticates an admin user with email and password credentials

Body

emailstringRequired

Email address of the admin user

Example: admin@example.com

passwordstringRequired

Password for the admin user

Example: password123

Responses

200

Authentication successful

application/json

401

Unauthorized - Invalid credentials or insufficient permissions

429

Too Many Requests - Rate limit exceeded

500

Internal server error

post

POST /sfp/api/auth/admin/login HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 54

{
  "email": "admin@example.com",
  "password": "password123"
}

{
  "success": true,
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "123",
    "email": "admin@example.com",
    "role": "owner"
  },
  "error": "Invalid credentials"
}

Handle authentication callback

post

Validates the provided access token and optional refresh token

Body

access_tokenstringRequired

The access token for authentication

Example: eyJhbGciOiJIUzI1NilsImtpZCI6IlRbEty...

refresh_tokenstringOptional

Optional refresh token

Responses

200

Authentication successful

application/json

401

Unauthorized - No access token provided or invalid token

500

Internal server error

post

POST /sfp/api/auth/callback HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 80

{
  "access_token": "eyJhbGciOiJIUzI1NilsImtpZCI6IlRbEty...",
  "refresh_token": "text"
}

{
  "success": true,
  "data": {
    "userId": "123"
  }
}