Identity Management

GET /user/{userId}/logins

Requires authentication with server or user access token.

List the user's login attempts, failed as well as successful.

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave us a comment.

Request

GET /api/2/user/{userId}/logins

userId

required path parameter

The user's uuid or userId (not to be mistaken with the deprecated id)

ip

optional

Filter by login attempts from this IP address

status

optional

Filter by successful (true) or failed (false) logins

filters

optional
merchant
Show all results within the current merchant rather than the current client

The pagination parameters limit, since, offset, and until are also supported.

Example request

cURL
Minimal example
curl https://login.schibsted.com/api/2/user/42/logins -G \
   -d "oauth_token=[access token]"
With all parameters
curl https://login.schibsted.com/api/2/user/42/logins -G \
   -d "oauth_token=[access token]" \
   -d "ip=8.8.8.8" \
   -d "status=0"
Java
Minimal example
SpidOAuthToken token = spidClient.getUserToken(code);
String responseJSON = spidClient.
    GET(token, "/user/42/logins").
    getResponseBody();
With all parameters
Map<String, String> params = new HashMap<>() {{
    put("ip", "8.8.8.8");,
    put("status", "0");
}};

SpidOAuthToken token = spidClient.getUserToken(code);
String responseJSON = spidClient.
    GET(token, "/user/42/logins", params).
    getResponseBody();

This example is an excerpt, see a full example

PHP
Minimal example
<?php
$client->auth();
echo var_dump($client->api("/user/42/logins"));
With all parameters
<?php
$params = array(
    "ip" => "8.8.8.8",
    "status" => "0"
);

$client->auth();
echo var_dump($client->api("/user/42/logins", $params));

This example is an excerpt, see a full example

Clojure
Minimal example
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-user-token client "[code]")]
  (spid/GET client token "/user/42/logins"))
With all parameters
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-user-token client "[code]")]
  (spid/GET client token "/user/42/logins" {"ip" "8.8.8.8"
                                            "status" "0"}))

Response

This endpoint supports the JSON and JSON-P response formats.

Success: 200 OK

A list of login attempt objects

Login attempt object

This object contains details about a login attempt

id

string

clientid

string

merchantId

integer (as string)

email

string

userid

string

userAgent

string

created

date

type

Login type

ip

string

Originating IP address

initalReferer

string

Referer from which the user came from

referer

string

Referer from which the login attempt came from

trackingRef

string

Client-provided unique visitor reference. Used for tracking

trackingTag

string

Client-provided string. Used for custom order tracking

status

string

"true" if login was successful, "false" if not

hash

string

An md5 hash of email+ip+userAgent. Used to identify login attempt patterns

Login type

An enum, with the following possible values:

"normal"

User provided email and password to log in.

"auto"

Caused by an active 'remember me' cookie.

"thirdparty"

Logged in via third-party provider, such as Facebook, Google, etc.

"api"

Logged in via the SPiD API (used by native mobile apps).

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For explanation on OAuth related failures and errors see OAuth authentication failures.

  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact SPiD to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 403 Forbidden Access token rejected
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is no the owner of this resource, and does not have administrative privileges for it.
  • 420 Request Ratelimit exceeded

Sample response

JSON
[
  {
    "status": "true",
    "referer": "https://identity-pre.schibsted.com/auth/login?client_id\u003d52f8e3d9efd04bb749000000\u0026redirect_uri\u003d\u0026response_type\u003d0\u0026flow\u003dpayment\u0026product_id\u003d301691\u0026campaign_id\u003d0\u0026voucher_code\u003d0\u0026voucher_purchase_code\u003d0\u0026tag\u003d0\u0026webview\u003d0",
    "clientId": "[Your client ID]",
    "trackingRef": false,
    "userId": "369662",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
    "hash": "6e22cb542d8193695e6c9e4f52f96ded",
    "trackingTag": false,
    "merchantId": "[Your merchant ID]",
    "created": "2014-08-04 16:04:11",
    "email": "user@domain.tld",
    "type": "normal",
    "initialReferer": "https://identity-pre.schibsted.com/auth/login?client_id\u003d52f8e3d9efd04bb749000000\u0026redirect_uri\u003d\u0026response_type\u003d0\u0026flow\u003dpayment\u0026product_id\u003d301691\u0026campaign_id\u003d0\u0026voucher_code\u003d0\u0026voucher_purchase_code\u003d0\u0026tag\u003d0\u0026webview\u003d0",
    "provider": "default",
    "id": "150032266",
    "ip": "127.0.0.1"
  }
]
JSON-P
callback([
  {
    "status": "true",
    "referer": "https://identity-pre.schibsted.com/auth/login?client_id\u003d52f8e3d9efd04bb749000000\u0026redirect_uri\u003d\u0026response_type\u003d0\u0026flow\u003dpayment\u0026product_id\u003d301691\u0026campaign_id\u003d0\u0026voucher_code\u003d0\u0026voucher_purchase_code\u003d0\u0026tag\u003d0\u0026webview\u003d0",
    "clientId": "[Your client ID]",
    "trackingRef": false,
    "userId": "369662",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
    "hash": "6e22cb542d8193695e6c9e4f52f96ded",
    "trackingTag": false,
    "merchantId": "[Your merchant ID]",
    "created": "2014-08-04 16:04:11",
    "email": "user@domain.tld",
    "type": "normal",
    "initialReferer": "https://identity-pre.schibsted.com/auth/login?client_id\u003d52f8e3d9efd04bb749000000\u0026redirect_uri\u003d\u0026response_type\u003d0\u0026flow\u003dpayment\u0026product_id\u003d301691\u0026campaign_id\u003d0\u0026voucher_code\u003d0\u0026voucher_purchase_code\u003d0\u0026tag\u003d0\u0026webview\u003d0",
    "provider": "default",
    "id": "150032266",
    "ip": "127.0.0.1"
  }
]);

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.