Delegated Login

POST /auth/login/delegated

Logs a user into an organization without the user's credentials.

If you want to use your own authentication system, while still using Delegated Signing, you can use this endpoint to authenticate a user without needing the user's credentials.

The user authentication token can be used for read operations within the Dfns API, however, write operations will still require the user to sign the action.

Service account required. See Service Accounts for more information.
User action signature required. See User Action Signing for more information.
Request headers required. See Request Headers for more information.
Authentication required. See Authentication Headers for more information.

Required Permissions

Name Conditions

Name	Conditions
`Auth:Users:Read`	Always Required
`Auth:Users:Delegate`	Always Required
`Auth:Types:Employee`	When `kind` is `CustomerEmployee`
`Auth:Types:EndUser`	When `kind` is `EndUser`

Auth:Users:Read

Always Required

Auth:Users:Delegate

Always Required

Auth:Types:Employee

When kind is CustomerEmployee

Auth:Types:EndUser

When kind is EndUser

Request body

username *

String

The username that identifies the user in the org

Example:

{
  "username": "jdoe@example.co"
}

Responses

See Common Errors for common errors.
See Delegated Authentication Errors for delegated authentication specific errors.

Success - the user's authentication token

{
  "token": "eyJ0eX...bzrQakA"
}

Last updated 2 months ago