stoney core: Authentication Resource - REST API

From stoney cloud

Also visit stoney core: Authentication Resource Mapping (REST - LDAP).

Auth action

To let a client verify a username and password, a pseudo-resource is provided. The only method implemented is GET.

Auth retrieval (GET)

Auth retrieval (GET) example

To verify the authentication, the client sends an HTTP GET request to the auth resource URI. The service responds with an HTTP status code:

  • 200 (OK) on success
  • 401 (Unauthorized) on authentication failure
  • 429 (Too Many Requests)

The service must never return 403 or a similar status, to avoid attacks that try to figure out which users exist and which do not.
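
As an added illustration of this rule (not stoney core's own code), the sketch below collapses every failure cause into 401 and keys the 429 limit on the client rather than the username, so neither status reveals whether an account exists. The user store, the locked flag, the PBKDF2 parameters and the limit of 5 requests per 60 seconds are assumptions.

```python
import hashlib
import hmac
import os
import time

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _entry(password: str, locked: bool = False):
    salt = os.urandom(16)
    return (salt, _hash(password, salt), locked)

# Constructed sample store (assumption): username -> (salt, hash, locked)
USERS = {"alice": _entry("correct horse"), "bob": _entry("hunter2", locked=True)}
# Hashed for unknown usernames so they cost the same work as real ones
_DUMMY = _entry("placeholder")

MAX_ATTEMPTS, WINDOW = 5, 60.0   # assumed limit: 5 requests per 60 s per client
_attempts = {}                   # client id -> timestamps of recent requests

def auth_status(client, username, password, now=None):
    """Return the HTTP status for GET /v1/auth/: 200, 401 or 429, never 403."""
    now = time.monotonic() if now is None else now
    recent = [t for t in _attempts.get(client, []) if now - t < WINDOW]
    # The limit counts every request from the client, whatever username it
    # names, so a 429 says nothing about whether that username exists.
    if len(recent) >= MAX_ATTEMPTS:
        _attempts[client] = recent
        return 429
    recent.append(now)
    _attempts[client] = recent
    salt, stored, locked = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    # Unknown user, wrong password and locked account are indistinguishable.
    if username in USERS and matches and not locked:
        return 200
    return 401
```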


GET /v1/auth/ HTTP/1.1
Accept: application/json


HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
  "id": 4000123,
  "user": "",
  "location": ""
}