Skip to main content

Authorization

This document describes how to Sign-in and Authorize Flow API V1 requests.

Get a CSRF token

curl --location 'https://api.flow.gl/v1/csrf'

Example response

{
  "data": {
    "_csrf": "mBezzKZ8-5QAI_ivMHsYlz_EDU7atf-xj0oI"
  }
}

Create session (Sing-Sign-in)

curl --location 'https://api.flow.gl/v1/session' \
--header 'Content-Type: application/json' \
--data-raw '{
	"grant_type": "password",
	"email": "user@flow.gl",
	"password": "1234ABcd+",
    "_csrf": "mBezzKZ8-5QAI_ivMHsYlz_EDU7atf-xj0oI"
}'
--requests POST

Example response

{
  "data": {
    "access_token": "a98a6dc92606d4ffc8e8e75574ea29e7",
    "token_type": "bearer",
    "expires_at": "2024-04-13T07:51:16.066Z",
    "created_at": "2024-03-14T07:51:16.066Z",
    "updated_at": "2024-03-14T07:51:16.066Z"
  }
}

Creating a session will set a cookie via `Set-Cookie` header, cookie name is `access_token`.

Set-Cookie:
access_token=a98a6dc92606d4ffc8e8e75574ea29e7; HttpOnly; Secure;

Save `access_token` and send with each other request via `Cookie` header.

Check session state

curl --location 'https://api.flow.gl/v1/user/me' \
--header "Cookie: access_token=a98a6dc92606d4ffc8e8e75574ea29e7"

Example response

{
  "data": {
    "id": 2,
    "email": "user@flow.gl",
    "username": "user",
    "first_name": null,
    "last_name": null,
    "phone_number": null,
    "organization": null,
    "register_type": "regular",
    "metadata": null,
    "subscription": {
      "id": 2,
      "start_date": null,
      "end_date": "2032-02-10T07:02:31.212Z",
      "created_at": "2023-09-09T12:25:11.008Z",
      "updated_at": "2023-09-09T12:25:11.008Z"
    },
    "access_token": "a98a6dc92606d4ffc8e8e75574ea29e7",
    "ready_player_me_avatar_id": null
  }
}