The first step in authenticating a user.
POST /authentication/credentials
- The username and password are sent in the request. If they are correct, a temporary session token and a user token are returned, along with a security question that must be answered.
- The user token that gets returned must be included as a header parameter (key "CU*Answers-User") for ALL subsequent requests.
- The temporary session token accompanies the answer and the ID of the returned question in the body of the security answer request.
- In order to use this API, all requests must have an "appKey" sent in the header of the request.
- You may not store any part of the authentication process, including but not limited to the Username, Password, Security Questions, or Answers, in your application or in backend databases or servers. This is a security best practice. We do not want any elements of the member's credentials stored on the device, on the vendor's servers, or in the cloud, because this can cause account vulnerability.
Request
Responses
- 200: Success
- 400: Request data is either missing or invalid.
- 401: The username or password is incorrect.
- 403: Use of the API is not allowed.
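The flow and response codes above, as an added example (not CU*Answers code): a Python client helper that sends the required headers, holds the tokens in process memory only, and retains no credentials. The JSON field names, the `fake_transport` stand-in server (including which condition yields which status) and all sample values are assumptions constructed for illustration.

```python
import json

APP_KEY_HEADER = "appKey"            # header named on this page
USER_HEADER = "CU*Answers-User"      # header named on this page
ERRORS = {400: "Request data is either missing or invalid.",
          401: "The username or password is incorrect.",
          403: "Use of the API is not allowed."}

class AuthError(Exception):
    def __init__(self, status):
        super().__init__(ERRORS.get(status, f"unexpected status {status}"))
        self.status = status

class AuthSession:
    """Keeps tokens in process memory only; credentials are never retained."""
    def __init__(self, app_key, transport):
        self._app_key, self._send = app_key, transport
        self._user_token = self._temp_token = self._question_id = None

    def headers(self):
        h = {APP_KEY_HEADER: self._app_key}           # required on every request
        if self._user_token:                          # required after step one
            h[USER_HEADER] = self._user_token
        return h

    def submit_credentials(self, username, password):
        body = json.dumps({"username": username, "password": password})  # assumed names
        status, raw = self._send("POST", "/authentication/credentials", self.headers(), body)
        if status != 200:
            raise AuthError(status)
        data = json.loads(raw)                        # assumed response field names
        self._user_token = data["userToken"]
        self._temp_token = data["temporarySessionToken"]
        self._question_id = data["question"]["id"]
        return data["question"]["text"]               # shown to the user, not kept

    def security_answer_body(self, answer):
        body = {"temporarySessionToken": self._temp_token,
                "questionId": self._question_id, "answer": answer}
        self._temp_token = self._question_id = None   # drop once the body is built
        return body

def fake_transport(method, path, headers, body):
    """Constructed stand-in for the server so the example runs offline."""
    if APP_KEY_HEADER not in headers:                 # assumed mapping to 403
        return 403, ""
    creds = json.loads(body)
    if not creds.get("username") or not creds.get("password"):
        return 400, ""
    if creds != {"username": "demo-user", "password": "demo-pass"}:
        return 401, ""
    return 200, json.dumps({"userToken": "UT-constructed", "temporarySessionToken":
                            "TS-constructed", "question": {"id": 7, "text": "Constructed question?"}})
```
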