User Service

The user service is responsible for managing user registrations.

Summary: Get the currently active System API Key
Authentication: X-Auth Admin
GET /services/users/v1/api_key

Description

Use this API to get the currently active System API Key. This API is only accessible to users who have the admin role.

Response Parameters

Parameter Type Description
api_key string The System API Key can be used as an x-auth-token.
active bool Whether the System API Key is active.

Examples

API Key Request

curl -i 'https://store.shift72.com/services/users/v1/api_key' \
  -H 'x-auth-token: a7499b7029d80791ff18834fec73aeef'

Response: Success

HttpStatus: 200
{  
  "api_key":"ak_production_33ee4fcab9b39b5916b4b5f9f74b7097",
  "active":true
}

Response: Not Found

HttpStatus: 404
{
  "error":"No Api Key present"
}

Response: Unauthorized

HttpStatus: 401

Summary: Request a new System API Key
Authentication: X-Auth Admin
POST /services/users/v1/api_key

Description

Use this API to get a new System API Key. This deactivates the previously used System API Key. This API is only accessible to users who have the admin role.

Response Parameters

Returns API Key.

Examples

Request New API Key

curl -i 'https://store.shift72.com/services/users/v1/api_key' \
  -X POST \
  -H 'x-auth-token: a7499b7029d80791ff18834fec73aeef'

Response: Success

HttpStatus: 200
{  
  "api_key":"ak_production_33ee4fcab9b39b5916b4b5f9f74b7097",
  "active":true
}

Response: Unauthorized

HttpStatus: 401

Summary: Request users configuration settings
Authentication: None
GET /services/users/v1/configuration

Description

Use this API to get the configuration settings for the Users service.

Response Parameters

Parameter Type Description
signup_dob_and_gender string Set to true if the sign up form should ask for date of birth and gender.

Examples

Users Configuration Request

curl -i 'https://store.shift72.com/services/users/v1/configuration'

Response: Success

HttpStatus: 200
{  
  "signup_dob_and_gender":"true"
}

Summary: Request admin configuration settings
Authentication: X-Auth Admin
GET /services/users/v1/configuration/private

Description

Use this API to get the configuration settings that can be changed by an administrator. These configuration settings may include private settings that are only visible to administrators. This API is only accessible to users who have the admin role.

Response Parameters

Parameter Type Description
signup_dob_and_gender bool Set to true if the sign up form should ask for date of birth and gender.
required_dob_and_gender bool Set to true if the sign up form should require date of birth and gender as compulsory fields.

Examples

Admin Configuration Request

curl -i 'https://store.shift72.com/services/users/v1/configuration/private' \
  -H 'x-auth-token: e69600dfa1d670b59d78971477ea0618'

Response: Success

HttpStatus: 200
{  
  "required_dob_and_gender":true,
  "signup_dob_and_gender":true
}

Response: Unauthorized

HttpStatus: 401

Summary: Update admin configuration settings
Authentication: X-Auth Admin
PATCH /services/users/v1/configuration/private

Description

Use this API to update the configuration settings for the site. These configuration settings may include private settings that are only visible to administrators. This API is only accessible to users who have the admin role.

Request Parameters

Parameter Type Description
signup_dob_and_gender bool Set to true if the sign up form should ask for date of birth and gender.
required_dob_and_gender bool Set to true if the sign up form should require date of birth and gender as compulsory fields.

Response Parameters

Returns Configuration (Admin).

Examples

Update Field

curl -i 'https://store.shift72.com/services/users/v1/configuration/private' \
  -X PATCH \
  -H 'x-auth-token: 1a1f4363bac4df5ba34758945fae8d0d' \
  -H 'content-type: application/json;charset=UTF-8' \
  --data-binary '{ "signup_dob_and_gender":true }'

Response: Success

HttpStatus: 200
{  
  "required_dob_and_gender":true,
  "signup_dob_and_gender":true
}

Response: Key Doesn’t Exist

HttpStatus: 400
{
  "error":"Bad request, request contains invalid key."
}

Response: Unauthorized

HttpStatus: 401

Summary: Get the user's details
Authentication: X-Auth
GET /services/users/detail/users

Description

Use this API to get the user details of the currently signed in user.

Response Parameters

Parameter Type Description
auth_token string The authorization token required for X-Auth API requests.
user_id number The user’s unique ID.
email string The user’s email address.
name string The user’s name.
avatar_url string Deprecated. A URL to an image. This is not used.
access_code string Deprecated. This is not used.
account_admin bool Deprecated. This is not used.
dob string Date of birth in ISO 8601 date format.
bypass_cache bool Some accounts can bypass the five-minute cache.
gender string The user’s gender. Can be male, female or other.

Examples

User Details Request

curl 'https://store.shift72.com/services/users/detail/users' \
     -H 'x-auth-token: e7ddfaf607c1b9f165500b312dc3d6d5'

Response: Success

HttpStatus: 200
{  
  "auth_token":"ea34011c0c0e434bf7fb8365cd9185ba",
  "account":{  
    "user_id":947,
    "email":"user@example.com",
    "name":"Joe",
    "dob":"2000-01-31",
    "gender":"male",
    "users":[  
      {  
        "id":947,
        "email":"user@example.com",
        "name":"Joe",
        "avatar_url":null,
        "access_code":null,
        "account_admin":true,
        "dob":"2000-01-31",
        "gender":"male"
      }
    ],
    "bypass_cache":false
  }
}

Response: Unauthorized

HttpStatus: 401

Summary: Get the user's details as an administrator
Authentication: X-Auth Admin
GET /services/users/users/[user_id]/show

Description

Use this API if you are an administrator and want to get the user details of a specific user. This API is only accessible to users who have the admin role. The response is different to the Details API in that it includes information that is only available to administrators, such as the date the user last signed in.

Response Parameters

Parameter Type Description
id number The user’s unique ID.
name string The user’s name.
email string The user’s email address.
status string Either ‘suspended’ or ‘active’. Null is the same as active.
last_sign_in string ISO 8601 format of the date and time the user last signed in.
sign_in_count number The number of times the user has signed in.
owner_id string Deprecated. This is not used.
encrypted_password string Deprecated. This is not used.
roles_ids number An array of roles where 1 = admin. Other ids are not currently used.
dob string Date of birth in ISO 8601 date format.
gender string The user’s gender. Can be male, female or other.

Examples

Get the User Details for User 5769

curl -i 'https://store.shift72.com/services/users/users/5769/show' \
  -H 'x-auth-token: f217af8c0dc9dd4f257d2aef7ba8a962'

Response: Success

HttpStatus: 200
{  
  "id":5769,
  "name":"New Joe",
  "email":"user@example.com",
  "dob":"1999-01-30",
  "gender_id":"female",
  "status":"active",
  "last_sign_in":"2015-05-26T03:54:30.954Z",
  "sign_in_count":3,
  "owner_id":null,
  "encrypted_password":"$2a$10$XZjAl.nulVzRkccgM5RGR.O5XgoYkQJSi7A9wqfjeDmNdRUJLnQwS",
  "roles_ids":[  
    1,
    2
  ]
}

Response: Unauthorized

HttpStatus: 401

Summary: Update the user's details
Authentication: X-Auth
PUT /services/users/detail/update

Description

Use this API to update the user details of the currently signed in user.

Request Parameters

Parameter Type Description
name string Optional. The user’s new name.
email string Optional. The user’s new email address.
password string Optional. The user’s new password.
current_password string Required. The user’s current password.
dob string Optional. Date of birth in ISO 8601 date format.
gender string Optional. The user’s gender. Can be male, female or other.

Response Parameters

Parameter Type Description
success string A message that provides more information about the update.
error string A message that provides more information about the error.
field string The field that’s related to the error.

Examples

Update User’s Name

curl -i 'https://store.shift72.com/services/users/detail/update' \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -H 'x-auth-token: 296871b9d469e9a2a3872c90a49d9212' \
     -d '{ "user": {
             "name": "New Joe",
             "current_password": "passw0rd"
             }
         }' \
     -X PUT

Update User’s Email Address

curl -i 'https://store.shift72.com/services/users/detail/update' \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -H 'x-auth-token: 296871b9d469e9a2a3872c90a49d9212' \
     -d '{ "user": {
             "email": "joe@blogs.com",
             "current_password": "passw0rd"
             }
         }' \
     -X PUT

Update User’s Password

curl -i 'https://store.shift72.com/services/users/detail/update' \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -H 'x-auth-token: 296871b9d469e9a2a3872c90a49d9212' \
     -d '{ "user": {
             "password": "passw0rd2",
             "current_password": "passw0rd"
             }
         }' \
     -X PUT

Response: Success

HttpStatus: 200
{  
  "success":"User has been updated"
}

Response: Failure

HttpStatus: 422
{  
  "error":"User failed to update incorrect password",
  "field":[  
    "current_password"
  ]
}

Response: Unauthorized

HttpStatus: 401

Summary: Update the user's details as an administrator
Authentication: X-Auth
PUT /services/users/users/[user_id]/update

Description

Use this API if you are an administrator and want to update the user details of a specific user. This API is only accessible to users who have the admin role.

Request Parameters

Parameter Type Description
id number The user’s unique ID.
name string Optional. The user’s name.
email string Optional. The user’s email address.
status string Optional. Either ‘suspended’ or ‘active’. Null is the same as active.
last_sign_in string Deprecated. This will be removed in a future update.
sign_in_count number Deprecated. This will be removed in a future update.
owner_id string Deprecated. This will be removed in a future update.
encrypted_password string Deprecated. This will be removed in a future update.
roles_ids number Optional. An array of roles where 1 = admin. Other ids are not currently used.
dob string Optional. Date of birth in ISO 8601 date format.
gender string Optional. The user’s gender. Can be male, female or other.

Response Parameters

Returns User Details (Admin).

Examples

Update User’s Details

curl -i 'https://store.shift72.com/services/users/users/947/update' \
-X PUT \
-H 'content-type: application/json;charset=UTF-8' \
-H 'x-auth-token: 123197c039422f4e11c2caad08a50c3c' \
--data-binary '{ "user":{  
    "id":947,
    "name":"New Joe",
    "email":"user@example.com",
    "gender":"female",
    "dob":"1999-01-30",
    "status":"active",
    "last_sign_in":"2015-07-20T01:01:11.740Z",
    "sign_in_count":3,
    "owner_id":null,
    "encrypted_password":"$2a$10$yn/1jIzmUBt0XS.cERDQFOo3RphdXcws01qBcTLM8Z.n8XWxjzXVC",
    "roles_ids":[] }
  }'

Response: Success

HttpStatus: 200
{  
  "id":947,
  "name":"New Joe",
  "email":"user@example.com",
  "status":"active",
  "last_sign_in":"2015-07-20T01:01:11.740Z",
  "sign_in_count":2,
  "owner_id":null,
  "encrypted_password":"$2a$10$yn/1jIzmUBt0XS.cERDQFOo3RphdXcws01qBcTLM8Z.n8XWxjzXVC",
  "dob":"1999-01-30",
  "gender_id":"female",
  "client_id":2,
  "updated_at":"2015-07-20T01:38:33.573Z",
  "roles_ids":[]
}

Response: Unauthorized

HttpStatus: 401
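
The request table above marks last_sign_in, sign_in_count, owner_id and encrypted_password as deprecated, and the admin responses still carry the password hash. The following added example (not SHIFT72 code) builds an update body from only the fields being changed and strips the hash before a record is logged. The function names, the allow_role_change flag and the sample record are assumptions made for illustration.

```python
from datetime import date

# Request fields the page lists as still in use for the admin update API.
UPDATABLE_FIELDS = {"name", "email", "status", "roles_ids", "dob", "gender"}
# Request fields the page marks "Deprecated"; never echoed back to the server.
DEPRECATED_FIELDS = {"last_sign_in", "sign_in_count", "owner_id", "encrypted_password"}
STATUSES = ("active", "suspended", None)
GENDERS = ("male", "female", "other")

# Constructed record in the shape of the admin "show" response (placeholder hash).
SAMPLE_USER = {
    "id": 947, "name": "Joe", "email": "user@example.com", "status": "active",
    "last_sign_in": "2015-07-20T01:01:11.740Z", "sign_in_count": 3,
    "owner_id": None, "encrypted_password": "<placeholder-not-a-real-hash>",
    "dob": "1999-01-30", "gender_id": "female", "roles_ids": [],
}


def redact_user(record):
    """Return a copy of an admin user record that is safe to write to logs."""
    return {k: v for k, v in record.items() if k != "encrypted_password"}


def _validate(field, value):
    if field == "status" and value not in STATUSES:
        raise ValueError("status must be 'active', 'suspended' or null")
    if field == "gender" and value not in GENDERS:
        raise ValueError("gender must be male, female or other")
    if field == "dob":
        if not isinstance(value, str):
            raise ValueError("dob must be an ISO 8601 date string")
        date.fromisoformat(value)  # raises ValueError on a malformed date
    if field == "roles_ids":
        ok = isinstance(value, list) and all(
            isinstance(r, int) and not isinstance(r, bool) for r in value)
        if not ok:
            raise ValueError("roles_ids must be a list of integers")


def build_update_payload(current, changes, allow_role_change=False):
    """Build the JSON body for PUT /services/users/users/[user_id]/update.

    Only fields that differ from `current` are sent. Deprecated fields are
    rejected, and roles_ids (1 = admin) needs an explicit opt-in so that a
    stale copy of the record cannot grant or remove a role by accident.
    """
    deprecated = set(changes) & DEPRECATED_FIELDS
    if deprecated:
        raise ValueError("deprecated field(s): " + ", ".join(sorted(deprecated)))
    unknown = set(changes) - UPDATABLE_FIELDS
    if unknown:
        raise ValueError("not updatable: " + ", ".join(sorted(unknown)))
    if "roles_ids" in changes and not allow_role_change:
        raise PermissionError("roles_ids change requires allow_role_change=True")

    user = {"id": current["id"]}
    for field, value in changes.items():
        _validate(field, value)
        # The page's sample responses name the gender field "gender_id".
        if field == "gender" and "gender" not in current:
            old = current.get("gender_id")
        else:
            old = current.get(field)
        if value != old:
            user[field] = value
    return {"user": user}


if __name__ == "__main__":
    print(redact_user(SAMPLE_USER))
    print(build_update_payload(SAMPLE_USER, {"name": "New Joe", "gender": "female"}))
```
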

Summary: Request an email with password reset instructions
Authentication: None
POST /services/users/password/forgot

Description

Use this API to send an email with password reset instructions to the requested email address. If the user exists in the database they will be sent an email with reset instructions. If the user does not exist in the database then no email will be sent, even if the HTTP response was a 200. This is to prevent this API being abused.

Request Parameters

Parameter Type Description
email string Required. Email address of the user.

Response Parameters

Parameter Type Description
message string A message that provides more information about the response.

Examples

Forgot Password Request

curl https://store.shift72.com/services/users/password/forgot \
     -d 'user[email]=user@example.com' \
     -X POST

Response: Success

HttpStatus: 200
{  
  "message":"An email has been sent with a password reset link"
}

Summary: Reset a user's password
Authentication: X-Auth
PUT /services/users/password/reset

Description

Use this API to reset a user’s password. The id and reset_password_token are included in the link in the forgot password email that was requested in the Forgot Password API.

Request Parameters

Parameter Type Description
id number Required. The user’s account number.
reset_password_token string Required. The one-time use token required to reset the password for a specific user.
password string Required. User’s new password.
password_confirmation string Required. Must match the password.

Response Parameters

Returns user details.

Examples

Reset Password for User 659

curl -i 'https://store.shift72.com/services/users/password/reset' \
  -X PUT \
  -H 'content-type: application/json;charset=UTF-8' \
  -d '{ "user":{  
        "password":"password",
        "password_confirmation":"password",
        "id":"659",
        "reset_password_token":"ceb4d099d48445aa464b1d828e1fb1e5" }
      }'

Response: Success

HttpStatus: 200
{  
  "auth_token":"3018b0b31aecbc852fab31aec11e36c4",
  "account":{  
    "user_id":905,
    "email":"joe@example.com",
    "name":"Joe",
    "users":[  
      {  
        "id":905,
        "email":"joe@example.com",
        "name":"Joe",
        "avatar_url":null,
        "access_code":null,
        "account_admin":true,
        "dob":null
      }
    ],
    "bypass_cache":false
  }
}

Response: Failure - Invalid Token

HttpStatus: 422
{  
  "error":"Reset password token is invalid"
}

Response: Failure - Passwords Don’t Match

HttpStatus: 422
{  
  "error":"Password confirmation does not match password"
}

Summary: Search for users
Authentication: X-Auth Admin
GET /services/users/v2/users/search?page=[pg]&per_page=[num]&query=[search_string]&role_ids=[id]

Description

Use this API if you are an administrator and want to search the list of users. This searches across the name and email fields. This API is only accessible to users who have the admin role.

Query String Request Parameters

Parameter Description
page The search page number.
per_page The number of items to return per page. All results are returned if this is not passed.
query The string to search on.
role_ids The role ids, where 1 = admin.

Pagination Header Response Parameters

Pagination information is returned via the Pagination header.

Parameter Type Description
page_size number The number of items per page.
first_page number The number of the first page.
next_page number The number of the next page.
prev_page number The number of the previous page.
last_page number The number of the last page.
total_count number The total number of items found in the search.
pages_count number The total number of pages.

Response Parameters

An array of the following items is returned.

Parameter Type Description
id number The user’s unique ID.
name string The user’s name.
email string The user’s email address.
status string Either ‘suspended’ or ‘active’. Null is the same as active.
last_sign_in string ISO 8601 format of the date and time the user last signed in.
sign_in_count number The number of times the user has signed in.

Examples

Search for Matches on “example”

curl -i 'https://store.shift72.com/services/users/v2/users/search?page=&per_page=20&query=example&role_ids=' \
  -H 'x-auth-token: 1a1f4363bac4df5ba34758945fae8d0d'

Response: Success

[  
  {  
    "id":5769,
    "name":"New Joe",
    "email":"user@example.com",
    "status":"active",
    "last_sign_in":"2015-05-26T03:54:30.954Z",
    "sign_in_count":100
  },
  {  
    "id":5768,
    "name":"Test",
    "email":"me@example.com",
    "status":null,
    "last_sign_in":"2015-04-15T03:50:12.529Z",
    "sign_in_count":1
  }
]

Response: Unauthorized

HttpStatus: 401

Summary: Search for users with the result as comma separated values
Authentication: X-Auth Admin
GET /services/users/v2/users/csv?auth_token=[auth_token]&query=[search_string]&role_ids=[id]

Description

Use this API if you are an administrator and want to search the list of users and get the result as comma separated values (CSV). This API is only accessible to users who have the admin role. This searches across the name and email fields.

Query String Request Parameters

Parameter Description
auth_token The user’s authorization token.
query The string to search on.
role_ids The role ids, where 1 = admin.

Response Parameters

A CSV list of the following items is returned.

Parameter Type Description
Email string The user’s email address.
Name string The user’s name.
Created at string Date the user registered in ISO 8601 date format.
Gender string The user’s gender. Can be male, female or other.
DOB string Date of birth in ISO 8601 date format.

Examples

Search for Matches on “example” with Result as CSV

curl -i 'https://store.shift72.com/services/users/v2/users/csv?query=example&role_ids=' \
  -H 'x-auth-token: 267a4d0f684d39309252bf8eb3396a83'

Response: Success

HttpStatus: 200
"Email","Name","Created at","Gender","DOB"
"user@example.com","Joe","2015-04-15","male","1901-12-25"
"me@example.com","Test","2015-04-15","",""

Response: Unauthorized

HttpStatus: 401
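
This endpoint accepts auth_token in the query string, and the password reset link likewise carries reset_password_token, so both values end up in any log that records the full request URL. The following added example (not SHIFT72 code) redacts those parameters from access-log lines and returns a short hash of each token seen, so the affected sessions can be counted and signed out without storing the token itself. The log lines, token value and function names are constructed for illustration.

```python
import hashlib
import re

# Query parameters on this page that carry a credential in the URL.
SENSITIVE_PARAMS = ("auth_token", "reset_password_token")

# Match the parameter only when it directly follows "?" or "&", and capture
# its value up to the next "&", whitespace, quote or fragment marker.
_PARAM_RE = re.compile(
    r"(?P<prefix>[?&](?:" + "|".join(map(re.escape, SENSITIVE_PARAMS)) + r")=)"
    r'(?P<value>[^&\s"#]*)',
    re.IGNORECASE,
)

# Constructed access-log lines; the token is a made-up value.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jul/2015:01:38:33 +0000] "GET /services/users/v2/users/csv'
    '?auth_token=0123456789abcdef0123456789abcdef&query=example&role_ids= HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Jul/2015:01:39:02 +0000] "GET /services/users/v2/users/csv'
    '?query=test&auth_token=0123456789abcdef0123456789abcdef HTTP/1.1" 200 128',
    '198.51.100.4 - - [20/Jul/2015:01:40:10 +0000] "GET /services/users/v1/branding HTTP/1.1" 200 340',
    '198.51.100.9 - - [20/Jul/2015:01:41:55 +0000] "GET /services/users/v2/users/csv'
    '?query=a&auth_token= HTTP/1.1" 401 0',
]


def fingerprint(token):
    """Short, non-reversible label used to group lines by token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def redact_line(line):
    """Return (redacted_line, [fingerprints of the tokens that were present])."""
    found = []

    def _replace(match):
        value = match.group("value")
        if not value:  # empty parameter: nothing leaked, keep the line as is
            return match.group(0)
        found.append(fingerprint(value))
        return match.group("prefix") + "[REDACTED]"

    return _PARAM_RE.sub(_replace, line), found


def scrub(lines):
    """Redact every line; map each token fingerprint to its 1-based line numbers."""
    redacted, exposures = [], {}
    for number, line in enumerate(lines, start=1):
        clean, prints = redact_line(line)
        redacted.append(clean)
        for fp in prints:
            exposures.setdefault(fp, []).append(number)
    return redacted, exposures


if __name__ == "__main__":
    cleaned, seen = scrub(SAMPLE_LOG)
    print("\n".join(cleaned))
    print(seen)
```
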

Summary: Check if the signed in user has admin permissions
Authentication: X-Auth Admin
GET /services/users/auth/bouncer

Description

Use this API if you want to check if the signed in user has the admin role. This is often used after the Sign In API call when accessing an admin area. The benefit of this is that if the user is not an administrator, bouncer will sign the user out and you can display an appropriate message about the user not being an administrator. Otherwise API calls that require admin access will return an HTTP response code of 401, Unauthorized, which is the same response as if the session has expired.

Response Parameters

Parameter Type Description
message string A message that provides more information about the response.

Examples

Check If User Is an Administrator

curl -i 'https://store.shift72.com/services/users/auth/bouncer' \
  -H 'x-auth-token: 4566778ab896d7390992d1fc2a484bce'

Response: Success

HttpStatus: 200
{  
  "message":"If you got this far, you are an admin"
}

Response: Unauthorized

HttpStatus: 401

Summary: Get the branding information
Authentication: None
GET /services/users/v1/branding

Description

This API is used to receive information about the client’s brand.

Response Parameters

Parameter Type Description
domain string The domain used for API calls.
support_address string Email address to display for support queries.
name string The name of the client.
brandings[brand-color] string Primary brand color.
brandings[brand-color-secondary] string Secondary brand color.
brandings[text-color] string Primary text color.
brandings[text-color-secondary] string Secondary text color.
brandings[logo-url] string Link to the location of the client’s logo.

Examples

Request Client Information

curl -i 'https://store.shift72.com/services/users/v1/branding'

Response: Success

HttpStatus: 200
{  
   "name":"s72demo",
   "domain":"store.shift72.com",
   "support_address":"vod@shift72.com",
   "brandings":{  
      "brand-color":"#0b54a9",
      "brand-color-secondary":"#0e6cd9",
      "text-color":"#ffffff",
      "text-color-secondary":"#ffffff",
      "logo-url":"https://store.shift72.com/images/common/app-logo.png"
   }
}

Summary: Get the list of clients that are to appear in the SHIFT72 apps
Authentication: None
GET /services/users/v1/clients/

Description

This API is used to receive information about the clients that are used in the SHIFT72 apps. This includes information about the client including brand colors. This API allows new clients to be added to the SHIFT72 apps without having to release a new version of the app.

Response Parameters

Parameter Type Description
id number The ID of the client.
domain string The domain used for API calls.
description string Short description about the client.
rank number The rank of the client, i.e. the order to appear within the app.
name string The name of the client.
branding[brand-color] string Primary brand color.
branding[brand-color-secondary] string Secondary brand color.
branding[text-color] string Primary text color.
branding[text-color-secondary] string Secondary text color.
branding[logo-url] string Link to the location of the client’s logo.
links[about-us] string Optional. Overwrite the default link to the client’s About Us page.
links[help] string Optional. Overwrite the default link to the client’s Help page.
links[terms-and-conditions] string Optional. Overwrite the default link to the client’s Terms and Conditions page.
links[forgot-password] string Optional. Overwrite the default link to the client’s Forgot Password page.
links[privacy-policy] string Optional. Overwrite the default link to the client’s Privacy Policy page.

Examples

Request Client Information

curl 'https://api.shift72.com/services/users/v1/clients/'

Response: Success

HttpStatus: 200
[  
  {  
    "id":3,
    "domain":"ondemand.nzfilm.co.nz",
    "description":"NZ Film On Demand is the New Zealand Film Commission's On Demand service which brings great New Zealand films to you when you want.",
    "rank":1,
    "name":"NZ Film",
    "branding":{  
      "brand-color":"#000000",
      "brand-color-secondary":"#39A8A3",
      "text-color":"#ffffff",
      "text-color-secondary":"#ffffff",
      "logo-url":"https://ondemand.nzfilm.co.nz/images/common/app-logo.png"
    },
    "links":null
  },
  {  
    "id":10,
    "domain":"buymovie.whatwedointheshadows.com",
    "description":"Follow the lives of Viago (Taika Waititi), Deacon (Jonathan Brugh), and Vladislav (Jemaine Clement) - three flatmates who are just trying to get by and overcome life's obstacles-like being immortal vampires who must feast on human blood.",
    "rank":2,
    "name":"What We Do in the Shadows",
    "branding":{  
      "brand-color":"#000000",
      "brand-color-secondary":"#000000",
      "text-color":"#ffedbc",
      "text-color-secondary":"#ffedbc",
      "logo-url":"https://buymovie.whatwedointheshadows.com/images/common/app-logo.png"
    },
    "links":null
  },
  {  
    "id":2,
    "domain":"store.shift72.com",
    "description":"A demo site showcasing the latest features from SHIFT72.",
    "rank":3,
    "name":"SHIFT72 Demo",
    "branding":{  
      "brand-color-secondary":"#0e6cd9",
      "text-color":"#ffffff",
      "text-color-secondary":"#eeeeee",
      "brand-color":"#0b54a9",
      "logo-url":"https://store.shift72.com/images/common/app-logo.png"
    },
    "links":{  
      "about-us":"https://store.shift72.com/#!/page/about-us",
      "help":"https://store.shift72.com/#!/page/help",
      "terms-and-conditions":"https://store.shift72.com/#!/page/terms-and-conditions",
      "forgot-password":"https://store.shift72.com/#!/forgot-password",
      "privacy-policy":"https://store.shift72.com/#!/page/privacy"
    }
  }
]

Summary: Request user feature toggle settings
Authentication: None
GET /services/users/v1/feature_toggles

Description

Use this API to get the feature toggle settings for the User service. The feature toggles are used to control if clients have access to features that are in beta. The feature toggles are not listed here as they are usually short lived and are only required for controlling access to features that are in beta testing.

Examples

User Feature Toggles Request

curl -i 'https://store.shift72.com/services/users/v1/feature_toggles'

Response: Success

HttpStatus: 200
{  
  "user_invite":true,
  "user_activity":false
}

Summary: Invite a user
Authentication: X-Auth Admin
POST /services/users/v1/invite

Description

Use this API to create a user account and send an email with instructions on how to register their account. You can optionally subscribe a user to a plan or add films or seasons to their library. For existing admin users with a role defined, setting reinvite to false will send a reminder email; setting reinvite to true will reset their password and send the invite email again. For normal users, setting reinvite to false will update their settings but not send an email; setting reinvite to true will reset their password and send the invite email again.

Request Parameters

Parameter Type Description
invitees array Required. Array of email addresses to invite.
items array Optional. Array of items to be added to the users’ libraries. These can be films, seasons, or plans.
expiry string Optional. Rental expiry in ISO 8601 date format.
reinvite bool Optional. Set to true if you want to reset the password and send the invite email again.
role string Optional. The role to give to the new user.
resource array Optional. Array of resources to apply to the role.

Response Parameters

Parameter Type Description
invites_sent number The number of new users created.
existing_users_invited number The number of existing users. Invites will only be sent to these users if reinvite was set to true.

Examples

Invite User with Rental

curl -i 'https://store.shift72.com/services/users/v1/invite' \
  -H 'x-auth-token: 123197c039422f4e11c2caad08a50c3c' \
  -H 'content-type: application/json;charset=UTF-8' \
  --data-binary '{  
    "invitees":[  
      "user@example.com"
    ],
    "items":[  
      "/film/64"
    ],
    "reinvite":true,
    "expiry":"2017-06-15T23:10:09.824Z"
  }'

Invite User with Distributor Role

curl -i 'https://store.shift72.com/services/users/v1/invite' \
  -H 'x-auth-token: 123197c039422f4e11c2caad08a50c3c' \
  -H 'content-type: application/json;charset=UTF-8' \
  --data-binary '{  
    "invitees":[  
      "user@example.com"
    ],
    "reinvite":true,
    "role":"Distributor",
    "resource":[  
      "/film/333"
    ]
  }'

Response: Success

HttpStatus: 200
{  
  "invites_sent":1,
  "existing_users_invited":0
}

Response: Unauthorized

HttpStatus: 401

Response: Missing Email Addresses

HttpStatus: 400
{  
  "error":"Missing invitees"
}

Response: Invalid Email Addresses

HttpStatus: 400
{  
  "error":"Contains invalid emails addresses"
}

Response: Role Doesn’t Exist

HttpStatus: 400
{  
  "error":"Role doesn't exist"
}

Summary: Sign in with a valid user
Authentication: None
POST /services/users/auth/sign_in

Description

Use this API to sign a user in with the provided email and password. The auth_token that is returned is required on all API requests that are noted with “Authentication: X-Auth”. If the user also has the admin role, then the x-auth-token can also be used with API requests that are noted with “Authentication: X-Auth Admin”. Use the Bouncer API if you need to confirm that a user has the admin role.

Request Parameters

Parameter Type Description
email string Required. Email address of the user.
password string Required. User’s password.
remember_me bool Optional. Requests a longer session expiry. Session will be extended to 30 days.

Response Parameters

Returns User Details.

Examples

Sign In Request

curl https://store.shift72.com/services/users/auth/sign_in \
    -H 'Content-Type: application/json;charset=UTF-8' \
    -d '{ "user": {
            "email": "user@example.com",
            "password": "passw0rd"
            }
        }'

Sign In Request With Optional Field

curl https://store.shift72.com/services/users/auth/sign_in \
    -H 'Content-Type: application/json;charset=UTF-8' \
    -d '{ "user": {
            "email": "user@example.com",
            "password": "passw0rd",
            "remember_me": false }
        }'

Response: Success

HttpStatus: 200
{  
  "auth_token":"ea34011c0c0e434bf7fb8365cd9185ba",
  "account":{  
    "user_id":947,
    "email":"user@example.com",
    "name":"Joe",
    "dob":"2000-01-31",
    "gender":"male",
    "users":[  
      {  
        "id":947,
        "email":"user@example.com",
        "name":"Joe",
        "avatar_url":null,
        "access_code":null,
        "account_admin":true,
        "dob":"2000-01-31",
        "gender":"male"
      }
    ],
    "bypass_cache":false
  }
}

Response: Failure

HttpStatus: 422
{  
  "error":"Try again, your email or password is incorrect"
}

Summary: Sign a user out from their current session
Authentication: X-Auth
DELETE /services/users/auth/sign_out

Description

Use this API to sign a user out and end their current session.

Response Parameters

Parameter Type Description
success bool Set to true if user successfully signed out.

Examples

Sign Out Request

curl 'https://store.shift72.com/services/users/auth/sign_out' \
  -X DELETE \
  -H 'x-auth-token: ea72a67428e3dad909779542bb59fa02'

Response: Success

HttpStatus: 200
{  
  "success":true
}

Summary: Sign up a new user
Authentication: None
POST /services/users/auth/sign_up

Description

Use this API to create a new user with the supplied details. On successful registration the new user will be signed in and sent a welcome email.

Request Parameters

Parameter Type Description
name string Required. Name of the user.
email string Required. Email address of the user.
password string Required. User’s password.
dob string Optional. Date of birth in ISO 8601 date format.
gender string Optional. The user’s gender. Can be male, female or other.
email_opt_in bool Optional. True if the user has opted in to email marketing. Default is false.

Response Parameters

Returns user details.

Examples

Sign Up Request

curl -i 'https://store.shift72.com/services/users/auth/sign_up' \
  -X POST \
  -H 'content-type: application/json;charset=UTF-8' \
  -d '{ "user":{
          "name":"Joe",
          "email":"user@example.com",
          "password":"password",
          "dob":"2000-01-31",
          "gender":"male"
        }
      }'

Response: Success

HttpStatus: 200
{  
  "auth_token":"59ce33d78c7f766815c3e8ddae4080e6",
  "account":{  
    "user_id":947,
    "email":"user@example.com",
    "name":"Joe",
    "dob":"2000-01-31",
    "gender":"male",
    "users":[  
      {  
        "id":947,
        "email":"user@example.com",
        "name":"Joe",
        "avatar_url":null,
        "access_code":null,
        "account_admin":true,
        "dob":"2000-01-31",
        "gender":"male"
      }
    ],
    "bypass_cache":false
  }
}

Response: Failure

HttpStatus: 422
{  
  "error":{  
    "email":[  
      "email address has already been taken"
    ]
  }
}

Summary: Check if the email address is already used
Authentication: None
GET /services/users/auth/account_exists

Description

Check if an account is already registered with the specified email address.

Query String Request Parameters

Parameter Description
email The user’s email address - URL encoded.

Response Parameters

Parameter Type Description
exists bool True if the account exists.

Examples

Check if Email Exists

curl -i 'https://store.shift72.com/services/users/auth/account_exists?email=me%40example.com'

Response: Success

HttpStatus: 200
{  
   "exists":true
}

Response: Missing Email

HttpStatus: 400
{
  "error": "Missing email address",
  "code": "missing_email"
}