Auth

Authentication and authorization related endpoints.

Create a short-lived token

Security: oauth2 or bearerAuth or apiKeyHeader
Request
Request Body schema: application/json
required
permissions
Array of strings

List of permissions that the short-lived token can have. These can only be permissions that are already given to the calling user.

Responses
200

JWT token

POST /auth/token/short-lived
Request samples
application/json
{
  "permissions": [ ]
}
Response samples
application/json
{
  "token": "string"
}

Exchange username and password for JWT token

Request
query Parameters
companyId
string >= 1

The unique company identifier.

domain
string

A valid domain associated with a company

userType
string

User type.

authType
string (AuthType)

The authentication type to explicitly use

Enum: "basic" "google" "oneTimeCodeEmail" "oneTimeCodeText" "SAML"
authValueType
string (AuthValueType)

The authentication value type to explicitly use

Enum: "email" "username" "phone" "samlSubjectNameId"
Request Body schema: application/json
required
Any of:
username
string

The username to authenticate. This can be a username or an email, depending on the configuration.

password
string <password>

The password to authenticate with.

Responses
200

JWT token

POST /auth/token
Request samples
application/json
{
  "exchangeToken": "string"
}
Response samples
application/json
{
  "token": "string"
}

Exchange current token for a new one

Security: oauth2 or bearerAuth
Responses
200

JWT token

PUT /auth/token
Response samples
application/json
{
  "token": "string"
}

End login session, invalidating current login token.

Security: oauth2 or bearerAuth
Responses
200

Success

DELETE /auth/token
Response samples
application/json
{
  "status": 0,
  "message": "string"
}

Change password

Security: oauth2 or bearerAuth or apiKeyHeader
Request
Request Body schema: application/json
required
Any of:
username
string

The username to authenticate. This can be a username or an email, depending on the configuration.

password
string <password>

The password to authenticate with.

Responses
200

Success

POST /auth/password
Request samples
application/json
{
  "exchangeToken": "string"
}
Response samples
application/json
{
  "status": 0,
  "message": "string"
}

Get all permissions for the requesting user

Security: oauth2 or bearerAuth or apiKeyHeader
Responses
200

Success

GET /auth/permissions
Response samples
application/json
{
  "status": 0,
  "message": "string",
  "companyId1": [ ],
  "companyId2": [ ]
}

Get logged-in user's info.

Security: oauth2 or bearerAuth or apiKeyHeader
Responses
200

Success

GET /auth/user
Response samples
application/json
{
  "data": { }
}

Takes a user ID and returns a temporary token that can be exchanged for a real auth token.

Security: oauth2 or bearerAuth or apiKeyHeader
Request
Request Body schema: application/json
required
userId
required
string (AnyId) ^ext-|^[A-Z][A-Z0-9]-[A-Z0-9]+-[A-Z0-9]+|^\d+...

Peach's unique or lender's external identifier.

Responses
200

Success

POST /auth/exchange-token
Request samples
application/json
{
  "userId": "string"
}
Response samples
application/json
{
  "data": { }
}

Send one time code.

Send a one time code to a phone number or email address. For phone numbers, the code can be sent via text or voice.

Request
path Parameters
companyId
required
string

The unique company identifier.

Request Body schema: application/json
required
username
required
string

Either an email address or phone number.

If the specified channel is text or voice, or the auth type for the specified userType is oneTimeCodeText, then this must be a valid phone number. Otherwise, it must be a valid email address.

This username is used to look up the user in the system.

For agents:

  • If the user belongs to an agent, then the given username is used directly as the recipient email address or phone number to text or call with the one time code.

For borrowers:

  • If the user belongs to a borrower of type business, then the given username is used directly as the recipient email address or phone number to text or call with the one time code.
  • If the user belongs to a borrower of type person, then the borrower's primary contact with affiliation=self is selected, and that value is used as the recipient email address or phone number to text or call with the one time code.
userType
string (UserType)

The type of the user.

Enum: "agent" "borrower" "service"
channel
required
string (OneTimeCodeChannel)

The channel through which to send the one time code.

Enum: "email" "text" "voice"
context
object

Template specific properties to substitute in the corresponding ConfirmationCode template.

force
boolean
Default: false

Force using the auth type of the user and not the company

Responses
202

No input errors were found, i.e., the one time code may have been sent successfully.

We do not reveal whether a borrower was found and a message successfully sent, in order to prevent an attacker from learning whether the given phone number or email address is in the system.

429

This request has been rate limited; please try again later.

POST /companies/{companyId}/auth/send-one-time-code
Request samples
application/json
{
  "username": "string",
  "userType": "agent",
  "channel": "email",
  "context": { },
  "force": false
}
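
The username validation rule, the recipient selection rules and the uniform 202 response described above, modelled as an added example (not Peach's code). The user store, the per-username attempt counter, the 400 status for input errors, the default userType, the phone and email patterns and all function names are assumptions made for illustration.

```python
import re

PHONE = re.compile(r"^\+[1-9]\d{7,14}$")            # assumed E.164 check
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # deliberately loose check

# Constructed user store keyed by (userType, username); not real data.
USERS = {
    ("agent", "agent@example.com"): {"kind": "agent"},
    ("borrower", "biz@example.com"): {"kind": "business"},
    ("borrower", "+15555550101"): {"kind": "person", "contacts": [
        {"affiliation": "spouse", "primary": True, "value": "+15555550109"},
        {"affiliation": "self", "primary": True, "value": "+15555550102"},
    ]},
}

def resolve_recipient(user, username):
    """Agent or business borrower: the username. Person: primary contact, affiliation=self."""
    if user["kind"] in ("agent", "business"):
        return username
    for contact in user["contacts"]:
        if contact["primary"] and contact["affiliation"] == "self":
            return contact["value"]
    return None

def send_one_time_code(body, auth_type, attempts, outbox, limit=3):
    """Return the HTTP status; outbox gains (channel, recipient) only on a real send."""
    username, channel = body.get("username"), body.get("channel")
    if channel not in ("email", "text", "voice") or not isinstance(username, str):
        return 400                      # assumed status for input errors
    needs_phone = channel in ("text", "voice") or auth_type == "oneTimeCodeText"
    if not (PHONE if needs_phone else EMAIL).match(username):
        return 400                      # depends on request shape only, never on USERS
    attempts[username] = attempts.get(username, 0) + 1
    if attempts[username] > limit:      # assumed policy: count per submitted username
        return 429
    user = USERS.get((body.get("userType", "borrower"), username))
    recipient = resolve_recipient(user, username) if user else None
    if recipient:
        outbox.append((channel, recipient))
    return 202                          # identical for known and unknown usernames
```

Because the input checks and the attempt counter run before the user lookup, neither the 400 nor the 429 path depends on whether the username exists. A real handler also needs comparable response timing on the found and not-found paths.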

Replace user's auth based on configured company auth type

Replace the user's authentication values from scratch. The authentication type is derived from the company config.

Security: oauth2 or bearerAuth or apiKeyHeader
Request
path Parameters
userId
required
string (AnyId) ^ext-|^[A-Z][A-Z0-9]-[A-Z0-9]+-[A-Z0-9]+|^\d+...

Unique user identifier.

Request Body schema: application/json
required
One of:
email
required
string

The email address to use for the new auth.

password
string or null

The new password to use. Only applicable for basic auth.

Responses
200

Success

PUT /users/{userId}/auth
Request samples
application/json
{
  "email": "string",
  "password": "string"
}
Response samples
application/json
{
  "status": 0,
  "message": "string",
  "data": { }
}

SAML callback endpoint

Request
path Parameters
companyId
required
string

The unique company identifier.

query Parameters
userType
string

User type.

appDomainType
string (AppDomainType)

App Domain Type.

Enum: "borrower" "agent" "help" "admin"
Request Body schema: application/x-www-form-urlencoded
required
SAMLResponse
required
string
RelayState
string
Responses
200

Success

POST /companies/{companyId}/auth/saml/callback
Request samples
application/x-www-form-urlencoded
SAMLResponse=string&RelayState=string

Redirect to the SAML login endpoint

Request
path Parameters
companyId
required
string

The unique company identifier.

query Parameters
userType
string

User type.

appDomainType
string (AppDomainType)

App Domain Type.

Enum: "borrower" "agent" "help" "admin"
returnUrl
boolean
Default: false

If true, returns a URL to the login instead of redirecting to the login.

Responses
200

Success

GET /companies/{companyId}/auth/saml/login

Display Peach SP Metadata

Peach acts as the service provider

Request
path Parameters
companyId
required
string

The unique company identifier.

query Parameters
userType
string

User type.

appDomainType
string (AppDomainType)

App Domain Type.

Enum: "borrower" "agent" "help" "admin"
Responses
200

Success

GET /companies/{companyId}/auth/saml/metadata.xml

Display IdP setup help

Request
path Parameters
companyId
required
string

The unique company identifier.

query Parameters
userType
string

User type.

appDomainType
string (AppDomainType)

App Domain Type.

Enum: "borrower" "agent" "help" "admin"
Responses
200

Success

GET /companies/{companyId}/auth/saml/help