Greedbag API documentation

Customer Accounts

These endpoints belong to Customer area where customers can manage their subscriptions, email address, password and remove their account.

`POST /customers/login`

Authenticate the customer with credentials, email and password.

Request

{
  "email": "testemail@mycompany.com",
  "password": "MyP4ssw0rd"
}

AuthorizationTokenResponse

{
  "token": "12345abcdef"
}

`GET /customers/self`

Fetch authenticated customer's information.

Permission

Require authorization.

CustomerResponse

{
  "address": null,
  "mobile": null,
  "phone": null,
  "name": "Test Name",
  "country": null,
  "address_town": null,
  "address_postcode": null,
  "email": "testemail@mycompany.com",
  "id": "58937470420006",
  "subscriptions": [
  ],
  "address_region": null
}

`PATCH /customers/self`

Update customer information. These fields are allowed:

name
email

Permission

Require authorization.

CustomerResponse

{
  "address": null,
  "mobile": null,
  "phone": null,
  "name": "Test Name",
  "country": null,
  "address_town": null,
  "address_postcode": null,
  "email": "testemail@mycompany.com",
  "id": "58937470420006",
  "subscriptions": [
  ],
  "address_region": null
}

`DELETE /customers/self`

Delete customer account.

Permission

Require authorization.

SuccessResponse

{
  "result": "deleted"
}

`POST /customers/newemail_confirm`

Confirm with the new email address by identifier and key provided via email.

Permission

None.

Request

{
  "identifier": "test-user-1",
  "key": "J32NA974R4F7N1HB"
}

SuccessResponse

{
  "result": "updated"
}

`POST /customers/password_reset`

Request for password resetting. Customer will get email notification including a link that link that contains a validation token.

Permission

None.

Request

{
  "email": "myname@mycompany.com",
  "reset_uri": "/customers/do_reset"
}

reset_uri - a valid retailer's URI (client web application).

SuccessResponse

{
  "result": "email_sent"
}

`POST /customers/do_reset`

Perform password resetting based on valid pair of token and email address.

Permission

None.

Request

{
  "email": "myname@mycompany.com",
  "code": "8KY0CX0LAR"
}

code - a token extracted from reset_link's path param.

TokenResponse

{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJwYXNzcGhyYXNlIjoiWTZadVhYc2Ywb2pmZVUifQ.ilHChoIUmt-UufO3u9ItFnOj6YpCe_5lSlabzYitRt4"
}

The token is JWT signed with the submitted code. Client application must jwt_decode() to view passphrase and display to web user. Decoded token will result to:

{
  "passphrase": "MyNewRandomP4ssw0rD"
}

`POST /customers/activate`

Activate user account (sign-up). Customer got an email notified to complete the sign-up process with the link that would contain identifier and secret.

Permission

None.

Request

{
  "identifier": "test-user-4",
  "secret": "MBMRDTVTD5",
  "password": "aAy1wweFw",
  "password_check": "aAy1wweFw"
}

SuccessResponse

{
  "result": "activated"
}

ErrorResponse

400 bad_request
401 access_denied
403 forbidden