Implementing the "Login Flow API"

Applicaster offers an out of the box integration with Cleeng, Inplayer & MPX auth providers.

As well, Applicaster provides integration with any provider that supports oAuth2.

With that said there are cases that customers need more control on their login flow and prefer using their own custom login implementation. This guide will walk you through how to implement your own API to be able to integrate it with Applicaster login flow. Doing so will allow you to take benefit from our pre-existing Login UI both for mobile and TV.

tip

The feature allows any customer to connect its login API to a customized web app that we built. The reason we chose web and not native is because we're offering the same UI from the browser when logging in to our TV platforms using Pin & Pair using QR code.

Implement API URLs

note

Later on you'll use the API URLs to configure the login flow plugin in Zapp.

Check out the Mobile Login and the TV Login guides for more information.

Login URL

The Login URL expects a POST request with the following JSON body:

{ "email": "<USER_PASSWORD>", "password": "<USER_EMAIL>" }

Successful Response should return the following JSON body with status code 200:

{
"access_token": "<ACCESS_TOKEN>",
"refresh_token":"<REFRESH_TOKEN>",
"expires_in": "<EXPIRES_IN_SECONDS>"
}
note

Note that for successful responses, the status code should appear both in the status field and in the http status code response.

Unsuccessful Response will return the following JSON body with status code 403:

{
"formError": "Any global message you want to display to the user",
"fieldErrors": {
"email": "A secific error message for the email field. Passing true instead of a string will mark the field with an error border",
"password": "A specific error message for the password field. Passing true instead of a string will mark the field with an error border"
}
}

Register URL

The Register URL expectes a POST request with the following JSON body:

{
"firstName": "<FIRST_NAME>",
"lastName": "<LAST_NAME>",
"email": "<EMAIL>",
"password": "<PASSWORD>",
"approveTermsOfUse": "on" or null,
"approveMarketing": "on" or null
}

A Successful Response should return the following JSON body with status code 200:

{
"access_token": "<ACCESS_TOKEN>",
"refresh_token":"<REFRESH_TOKEN>",
"expires_in": "<EXPIRES_IN_SECONDS>"
}

An unsuccessful Response will return the following JSON body with status code 403:

{
"formError": "Any global message you want to display to the user",
"fieldErrors": {
"email": "A specific error message for the email field'. Passing true instead of a string will mark the field with an error border",
"password": "A specific error message for the password field. Passing true instead of a string will mark the field with an error border",
"firstName": "A specific error message for the first name field. Passing true instead of a string will mark the field with an error border",
"lastName": "A specific error message for the last name field. Passing true instead of a string will mark the field with an error border",
"email": "A specific error message for the email field. Passing true instead of a string will mark the field with an error border",
"password": "A specific error message for the password field. Passing true instead of a string will mark the field with an error border",
"approveTermsOfUse": "A specific error message for the terms of use field. Passing true instead of a string will mark the field with an error border",
"approveMarketing": "A specific error message for the marketing field. Passing true instead of a string will mark the field with an error border"
}
}

Reset Password URL

The reset password URL expects a POST request with the following JSON body:

{ "email": "<USER_EMAIL>" }

A Successful Response should return a response with status code 200 or 201

note

Resting passwords should be done in the browser, outside of the app. It's your responsibility to send a reset password email to the user and to implement all the reset password flow on the web.

An unsuccessful Response will return the following JSON body with status code 403:

{
"formError": "Any global message you want to display to the user",
"fieldErrors": {
"email": "A specific error message for the email field'. Passing true instead of a string will mark the field with an error border"
}
}

Refresh Token URL

note

The app will use the refresh_token it obtained in the login/register response. to periodically check if the user is still authorized.

The Refresh URL expects POST request with the following JSON body:

{
"refresh_token":"<REFRESH_TOKEN>",
}

A successful Refresh api should return the following JSON body with status code 200:

{
"access_token": "<ACCESS_TOKEN>",
"refresh_token":"<REFRESH_TOKEN>",
"expires_in": "<EXPIRES_IN_SECONDS>",
}

An unsuccessful Response will return the following JSON body with status code 403.