Skip to main content
POST
/
v1
/
auth
/
passwords
/
verify
Verify Password (Enterprise)
curl --request POST \
  --url https://api.streambird.io/v1/auth/passwords/verify \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "password": "samplepass",
  "session_token": "4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB"
}'
{
  "session": {
    "id": "sess_2KF44T13b1clHEoOHpwEmTtldx5",
    "user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPI",
    "started_at": 1673556805,
    "expires_at": 1673562817,
    "last_active_at": 1673556817,
    "factors": [
      {
        "delivery_channel": "email",
        "type": "otp",
        "method": {
          "method_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
          "method_type": "email",
          "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
          "email": "sandbox@streambird.io",
          "last_verified_at": 1673556805
        }
      },
      {
        "delivery_channel": "password",
        "type": "password",
        "method": {
          "last_verified_at": 1673556817
        }
      }
    ],
    "device_fingerprint": {
      "user_agent": "Chrome",
      "ip": ""
    },
    "permissions": [],
    "deleted": false,
    "deleted_at": 0,
    "updated_at": 1673556817,
    "created_at": 1673556805
  },
  "session_token": "4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB",
  "session_jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6Imp3a18yN0Q1dU9UaFIyZHNncmFYN1dWb0VMRzRxRVgiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NzM1NjI4MTcsImh0dHBzOi8vc3RyZWFtYmlyZC5pby9qd3Qvc2Vzc2lvbiI6eyJpZCI6InNlc3NfMktGNDRUMTNiMWNsSEVvT0hwd0VtVHRsZHg1IiwidXNlcl9pZCI6ImRlOGRjM2IxLWI3ZTAtNGU3OS05MjU3LTZmNjgwZTUxOTcwYiIsInN0YXJ0ZWRfYXQiOjE2NzM1NTY4MDUsImV4cGlyZXNfYXQiOjE2NzM1NjI4MTcsImxhc3RfYWN0aXZlX2F0IjoxNjczNTU2ODE3LCJmYWN0b3JzIjpbeyJkZWxpdmVyeV9jaGFubmVsIjoiZW1haWwiLCJ0eXBlIjoib3RwIiwibWV0aG9kIjp7Im1ldGhvZF9pZCI6IjU5MzY2NTEzLWNmMzctNDE5Ni05NmY0LTI0ZGE3NTc3MjRiYSIsIm1ldGhvZF90eXBlIjoiZW1haWwiLCJlbWFpbF9pZCI6IjU5MzY2NTEzLWNmMzctNDE5Ni05NmY0LTI0ZGE3NTc3MjRiYSIsImVtYWlsIjoidGltQHN0cmVhbWJpcmQuaW8iLCJsYXN0X3ZlcmlmaWVkX2F0IjoxNjczNTU2ODA1fX0seyJkZWxpdmVyeV9jaGFubmVsIjoicGFzc3dvcmQiLCJ0eXBlIjoicGFzc3dvcmQiLCJtZXRob2QiOnsibGFzdF92ZXJpZmllZF9hdCI6MTY3MzU1NjgxN319XSwiZGV2aWNlX2ZpbmdlcnByaW50Ijp7InVzZXJfYWdlbnQiOiJDaHJvbWUiLCJpcCI6IiJ9LCJ1cGRhdGVkX2F0IjoxNjczNTU2ODE3LCJjcmVhdGVkX2F0IjoxNjczNTU2ODA1fSwiaWF0IjoxNjczNTU2ODE3LCJpc3MiOiJhcGkuc3RyZWFtYmlyZC5pby82ZTdjOWYxYi01ZTY2LTQwMGMtOTlhNy03ODM0MTFlMDNhYWMiLCJqdGkiOiJzZXNzXzJLRjQ0VDEzYjFjbEhFb09IcHdFbVR0bGR4NSIsIm5iZiI6MTY3MzU1NjgxNywic3ViIjoiZGU4ZGMzYjEtYjdlMC00ZTc5LTkyNTctNmY2ODBlNTE5NzBiIn0.ftGVnMztULiawr7XICEbKNT1KBep0XR3GHwzt-XWfz4BWSwUWEyueNUb1OVlS7wObyVZS6GvAHd2FfyJDv9LLneRzza6zuYxrZ6P52mI6zCGeyxJX95LBR5eyx-55Se_Z13cK1Lnky6xI4rm96wKvUkE3SObse9b1J7rXaZk_TF0Phss2-L53n_xTtXiDecPKe6DvnVh-AWv6pcDB4HpsMDSEiSgGo-0NNgcDNs5WuDz7W9AIOH_6DjfIghBx7RDr_S8EUkn55-w01uJjohHshTKtN2GsGgiR-mbpHum84RpakCMvXMqVURcQsjtQP7uN5qjllTXPI272QQkmGtQYg",
  "user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPIb"
}

Authorizations

Authorization
string
header
required

Auth Platform API includes all the Auth related features. All Users, Phone Numbers, Emails, and OTPs are associated with an App as the container.

Endpoints only accept App's Secret API keys other than certain endpoints that are used client side or via SDK that accept the public_token.

Authentication using App Api Key

Header:

Authorization: Bearer {api_key}

Authenticated Request

curl \
  -X GET https://api.streambird.io/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
  -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"

Body

application/json
user_id
string
required

Unique given user ID.

password
string
required

User password.

session_expires_in
integer

Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days).

session_token
string

Unique Session token to verify.

session_jwt
string

Unique Session JWT to verify.

device_fingerprint
object

Device fingerprinting metadata for fraud detection during verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the Verify Token step by matching fields in the device_fingerprint such as IP, User Agent or the combination of them (more fraud detection features coming soon!)

Response

200 - application/json

Verify Password (Enterprise) response

session
object
user_id
string
session_token
string
session_jwt
string