Authentication

Authentication is required to access the Supesa API endpoints. This guide highlights the process using email, password, and passcode.

Sign-up

Register a new account using the /account/auth/sign-up endpoint:

curl -X POST https://api.supesa.io/account/auth/sign-up \
  -H "content-type: application/json" \
  -d '{
    "email": "your_email@example.com",
    "password": "your_secure_password",
    "passcode": "your_passcode"
  }'

Successful registration returns:

Response

  {
    "code": 200,
    "message": {
      "access_token": "your_access_token_here",
      "user_id": "your_user_id",
      "pass_code": "Passcode correct"
    },
    "ref": "some_reference_id"
  }

Sign-in

Sign-in using the /account/auth/sign-in endpoint:

curl -X POST https://api.supesa.io/account/auth/sign-in \
  -H "content-type: application/json" \
  -d '{
    "email": "your_email@example.com",
    "password": "your_secure_password",
    "passcode": "your_passcode"
  }'

Correct credentials returns:

Response

  {
    "code": 200,
    "message": {
      "access_token": "your_access_token_here",
      "user_id": "your_user_id",
      "pass_code": "Passcode correct"
    },
    "ref": "some_reference_id"
  }

Sign-Out

Sign-Out using the /account/auth/sign-out endpoint:

curl -X POST https://api.supesa.io/account/auth/sign-out \
  -H "content-type: application/json" \
  -d '{}'

This endpoint invalidates the currently active access_tokens on the account signed-in.

Response

  {
    "code": 200,
    "message": {},
    "ref": "some_reference_id"
  }

Update Passcode

Update a user's passcode /account/auth/sign-out endpoint:

curl -X PUT https://api.supesa.io/account/auth/passcode/update \
  -H "content-type: application/json" \
  -d '{
    "access_token": "your_access_token_here",
    "user_id": "your_user_id",
    "current_passcode": "1234",
    "updated_passcode": "4321",
  }'

This endpoint updates the user's passcode needed for sign-in.

Response

  {
    "code": 200,
    "message": {},
    "ref": "some_reference_id"
  }

Security Note

The parameter access_token is multi-use, and expires after 12 hours of existance - after which a reauthentication will be required to generate a new token.

Ensure you keep your access token confidential. If compromoised, please sign-out it immediately to invalidate all access_tokens before createing a new access_token by means of signing-in.

Using an SDK

If you use one of our official SDKs, you won't have to worry about any of the above — fetch your access token from the Supesa dashboard under API settings, and the client library will take care of the rest.

Check out our list of first-party SDKs

Was this page helpful?