Identity Management

POST /signin

Requires authentication with server access token.

This endpoint generates a unique token (valid for 5 minutes) that is sent to the user's e-mail address and allows the user to log in to SPiD without providing their credentials.

  • Only one token per user can be active at one time.
  • User doesn't have to be previously registered at SPiD.

You can further improve the user's experience by providing client information, which sets the context of the token e-mail and confirmation page.

Request

POST /api/2/signin

  • identifier (required): Email of the user
  • redirectUri (required): Where to redirect the user after completing signin request
  • context (optional)

Example request

cURL
Minimal example
curl https://login.schibsted.com/api/2/signin \
   -X POST \
   -d "oauth_token=[access token]" \
   -d "identifier=14" \
   -d "redirectUri=http://somewhere.com/else/"
With all parameters
curl https://login.schibsted.com/api/2/signin \
   -X POST \
   -d "oauth_token=[access token]" \
   -d "identifier=14" \
   -d "redirectUri=http://somewhere.com/else/" \
   --data-urlencode "context=Foo bar"
Java
Minimal example
// Request parameters for the signin request
Map<String, String> params = new HashMap<String, String>() {{
    put("identifier", "14");
    put("redirectUri", "http://somewhere.com/else/");
}};

SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    POST(token, "/signin", params).
    getResponseBody();
With all parameters
// Request parameters for the signin request, including the optional context
Map<String, String> params = new HashMap<String, String>() {{
    put("identifier", "14");
    put("redirectUri", "http://somewhere.com/else/");
    put("context", "Foo bar");
}};

SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    POST(token, "/signin", params).
    getResponseBody();

This example is an excerpt, see a full example

PHP
Minimal example
<?php
$params = array(
    "identifier" => "14",
    "redirectUri" => "http://somewhere.com/else/"
);

$client->auth();
var_dump($client->api("/signin", "POST", $params));
With all parameters
<?php
$params = array(
    "identifier" => "14",
    "redirectUri" => "http://somewhere.com/else/",
    "context" => "Foo bar"
);

$client->auth();
var_dump($client->api("/signin", "POST", $params));

This example is an excerpt, see a full example

Clojure
Minimal example
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/POST client token "/signin" {"identifier" "14"
                                     "redirectUri" "http://somewhere.com/else/"}))
With all parameters
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/POST client token "/signin" {"identifier" "14"
                                     "redirectUri" "http://somewhere.com/else/"
                                     "context" "Foo bar"}))

Response

This endpoint supports the JSON response format.

Success: 201 Created

Created a new signin request

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For an explanation of OAuth-related failures and errors, see OAuth authentication failures.

  • 302 Found The email address is blocked
  • 400 Bad Request Signin request could not be created
  • 400 Bad Request Required identifier parameter is missing
  • 400 Bad Request Required identifier parameter is invalid
  • 400 Bad Request Required redirectUri parameter is missing
  • 400 Bad Request Required redirectUri parameter is invalid or not matching requesting client
  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact SPiD to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 403 Forbidden Access token rejected
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is not the owner of this resource, and does not have administrative privileges for it.
  • 409 Conflict Signin request could not be created
  • 420 Request Ratelimit exceeded
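
A caller-side sketch of the request parameters and failure codes listed above. This is an added example, not part of the SPiD documentation or its client libraries: it checks redirectUri against an exact-match list before the request is sent and maps each documented status code to a next step. REGISTERED_REDIRECTS, the function names and the step labels are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlencode

# Assumption: the redirect URIs registered for this client (constructed value).
REGISTERED_REDIRECTS = frozenset({"http://somewhere.com/else/"})

# Status codes from the failure list above, mapped to the caller's next step.
# The step labels are illustrative, not SPiD terminology.
NEXT_STEP = {
    201: "sent",                # signin request created and e-mailed
    302: "email_blocked",
    400: "fix_request",         # missing/invalid identifier or redirectUri
    401: "fix_client_rights",
    403: "fix_client_access",   # endpoint access, IP whitelist or token
    404: "fix_client_id",
    409: "not_created",
    420: "back_off",            # rate limit exceeded: wait before retrying
}


def build_signin_body(oauth_token, identifier, redirect_uri, context=None):
    """Return the form-encoded body for POST /api/2/signin, or raise ValueError."""
    if not identifier:
        raise ValueError("identifier is required")
    parts = urlsplit(redirect_uri or "")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("redirectUri must be an absolute http(s) URL")
    # Exact match only: prefix or substring checks let look-alike hosts through.
    if redirect_uri not in REGISTERED_REDIRECTS:
        raise ValueError("redirectUri is not registered for this client")
    params = {"oauth_token": oauth_token, "identifier": identifier,
              "redirectUri": redirect_uri}
    if context is not None:
        params["context"] = context
    return urlencode(params)


def next_step(status, error_text=""):
    """Map a response status to a step; keep the server's text for logging,
    since one status code can cover several error situations."""
    return NEXT_STEP.get(status, "unexpected"), error_text
```

Rejecting an unregistered redirectUri locally keeps user-supplied redirect targets out of the signin e-mail flow and avoids the corresponding 400 response.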

Sample response

JSON
"Signin request created and sent"
