Skip to content
This repository has been archived by the owner on Oct 7, 2024. It is now read-only.

Server: Authentication API

Jump to bottom
Rodolfo Andrés Rivas Matta edited this page Aug 5, 2023 · 1 revision

Find information about the authentication API for the Lynx platform here.

The API provides three endpoints, one for creating an account (signup), one for login in (signin), and one for login out (signout).

Creating an Account

URL: https://api.lynxgamestore.com/auth/signup
Method: POST

This endpoint expects a plain POST request with its content formatted as application/x-www-form-urlencoded. The parameters for this request are as follows:

Parameter Name Description
username User ID for logging in.
fname User first name.
lname User last name.
email User email.
password -
passwordConfirm The server also double-checks.

Sample CURL request: 
curl -X POST -d username=<username> -d "fname=<fname>" -d "lname=<lname>" -d email=<email> -d password=<password> -d passwordConfirm=<passwordConfirm> https://api.lynxgamestore.com/auth/signup

Returns
This request will return a 400 error if there is an issue with any parameters. On success, it will return a 200 status with the following application/json response:

{
    "message": "Your account has been created."
}

Log In

URL: https://api.lynxgamestore.com/auth/signin
Method: POST

Many requests require user verification (e.g., purchasing or downloading an owned game). Lynx verifies every request with a logged-in sessionid. To get a valid session id, use this login request. Similar to signup, send an application/x-www-form-urlencoded POST request with the following parameters:

Parameter Name Description.
username Account username.
password Account password.

Important: The signup request doesn't send a sessionid. After successfully creating an account, logging in to make other subsequent requests is still necessary.


Sample CURL request: 
curl -X POST -d username=<username> -d password=<password> -i https://api.lynxgamestore.com/auth/signin

The i flag in the example prints the response headers. Look at the example output:

HTTP/1.1 201 Created
Date: Tue, 01 Aug 2023 01:12:07 GMT
Server: WSGIServer/0.2 CPython/3.11.4
Content-Type: application/json
X-Frame-Options: DENY
Vary: Cookie
Content-Length: 140
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Set-Cookie:  csrftoken=Uis01dcl1J6oY8IH5POd3NOK9TY7GtcJ; expires=Tue, 30 Jul 2024 01:12:07 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Set-Cookie:  sessionid=9ayprnnelmkmqo3wc5s55mahwemtjnbo; expires=Tue, 15 Aug 2023 01:12:07 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax

{"message": "You have successfully logged in.", "first_name": "<fname>", "last_name": "<lname>", "email": "<email>"}

Note the last Set-Cookie header containing the sessionid. Subsequent requests require this sessionid to verify the user. Send it back as a cookie.

Returns
On successfully signing in, the server responds with the application/json data above. However, if there is an issue (e.g., wrong password or nonexistent username), the server responds with a meaningless message.

Log Out

URL: https://api.lynxgamestore.com/auth/signout
Method: not defined

Finally, to log out and unlink the account to the sessionid, send a request to the signout endpoint. The server will attempt to log out of the account, but it will send the same message back whether or not it was successful.

Sample CURL request:

curl -H "Cookie: sessionid=9ayprnnelmkmqo3wc5s55mahwemtjnbo" https://api.lynxgamestore.com/auth/signout

Returns
The server will always return the same application/json data:

{
    "message": "You have logged out successfully."
}

Navigation

Clone this wiki locally