Developer Help Center

Authenticating

The Revelator API provides two authentication resources. Both resources return access tokens when the parameters provided in the requests are valid.

Whether you use one, the other or both depends on your use case.

The login resource allows you to login users with their involvement (prompted). The loginpartner resource allows you to login users unattended (unprompted).

Note

Unprompted login is recommended in most cases. Prompted login is the preferred method only when the partner is not maintaining their own database of user credentials.

  • Prompted Login. The partner application prompts users for their information in a custom login page.

    • The user must have knowledge of their credentials. Signup must occur via a custom signup page (prompted signup) or via the Revelator web interface.

    • Requires a reCAPTCHA integration with the Revelator server. Please contact your account manager. You will need to provide your domain name and they will provide with the public site key.

  • Unprompted Login. The partner application automates login; the user is not prompted for their information and has no knowledge of anything outside of the partner application.

    • The partner application provides the partnerUserId parameter.

      For child accounts: The partnerUserId parameters for your users are set by you (the partner application) when Signing Up New Users. Signup must occur through a prompted or unprompted API implementation, and not via the Revelator web interface.

      For partner tenant: The partnerUserId parameter for the partner tenant is provided to you (the partner) upon onboarding, when relevant. This is relevant for:

      • Partners who are executing all their API calls in the partner tenant (single tenant model) and are not creating sub-accounts for each of their users in the Revelator system.

      • Partners who are executing API calls in their partner tenant in addition to their user's sub accounts. This is relevant for partners managing royalties via the API (API plan C).

Figure 1. Signup/Authentication Scenarios
Signup/Authentication Scenarios

For more information about signup, see Signing Up New Users



POST /account/login

Note

The body of this request must be x-www-form-urlencoded instead of JSON.

Table 1. Request Body Parameters

Parameter

Type

Description

username

Mandatory

string

User's email.

password

Mandatory

string

User's password.

recaptchaToken

Mandatory

string

Token retrieved from recaptcha. For more information, see .



curl --location --request POST 'http://staging-api.revelator.com/account/login' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=USER@DOMAIN.COM' \
--data-urlencode 'password=PASSWORD' \
--data-urlencode 'recaptchaToken=RECAPTCHA_TOKEN'

POST /partner/account/login

Table 2. Request Body Parameters

Parameter

Type

Description

partnerUserId

Mandatory

string

partnerUserId value assigned to the user in the signup resource. See Signing Up New Users.

partnerApiKey

Mandatory

string

API key provided by your Revelator account manager.The API provided by your account manager.



curl -X POST 'https://staging-api.revelator.com/partner/account/login'\ 
-H 'Content-Type: application/json'\  
-H 'Accept: application/json'\  
-d '{ "partnerUserId": "user123",  
    "partnerApiKey":"00000000-0000-0000-0000-000000000000" }'