Authentication API
The Authentication API (Auth API) is responsible for user authentication, session management, and access control in the ThreatWinds platform. It works in conjunction with the Gateway to secure all API requests and ensure that only authorized users can access protected resources.
Overview
The ThreatWinds Auth API provides the following features:
| Feature | Description | Documentation |
|---|---|---|
| User Management | Create and manage user accounts | User Management |
| Email Authentication | Authenticate users through email verification | Email Management |
| Session Management | Create and manage user sessions | Session Management |
| API Key Management | Create and manage API keys for programmatic access | Key Pair Management |
| Authentication Validation | Verify and validate authentication credentials | Authentication Flow |
Authentication Methods
ThreatWinds supports two primary authentication methods:
| Authentication Method | Description | Best For |
|---|---|---|
| Bearer Token Authentication | Uses an Authorization header with a bearer token | Web applications and interactive sessions |
| API Key Authentication | Uses API key and API secret headers | Third-party integrations and automated systems |
For more details on the authentication flow, see the Authentication Flow page.
API Endpoints
The base URL for the Auth API is:
https://apis.threatwinds.com/api/auth/v2
For detailed information about each endpoint, please refer to the specific documentation pages.
Error Response Headers
All error responses include the following custom headers:
| Header | Description |
|---|---|
| x-error | Human-readable error message describing what went wrong |
| x-error-id | Unique MD5 hash identifier for error tracking and support |
Error Codes
| Status Code | Description | Possible Cause |
|---|---|---|
| 200 | OK | Request successful (GET operations) |
| 202 | Accepted | Request accepted for processing (POST/PUT operations) |
| 204 | No Content | Successful operation with empty result set |
| 400 | Bad Request | Invalid request parameters, malformed JSON, or validation error |
| 401 | Unauthorized | Invalid session, API key, or verification code |
| 403 | Forbidden | Authenticated user lacks permission for this operation |
| 404 | Not Found | User, session, keypair, or resource does not exist |
| 500 | Internal Server Error | Database error, email failure, or server-side error |
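A client-side handler for the error headers and status codes above, added here as an example and not taken from the ThreatWinds documentation or SDK. The action names, the 200-character message cap and the sample header values are assumptions made for illustration; only the `x-error` and `x-error-id` header names and the status codes come from this page.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")  # an MD5 digest is 32 hex characters
CONTROL = re.compile(r"[\x00-\x1f\x7f]")  # CR/LF and friends could forge log lines

# Assumed client policy per documented status code (not defined by the API itself).
ACTIONS = {400: "fix_request", 401: "reauthenticate", 403: "deny",
           404: "not_found", 500: "retry_later"}


@dataclass
class AuthApiError:
    status: int
    action: str
    message: str          # sanitized x-error, safe to write to a log
    error_id: str | None  # x-error-id if it looks like an MD5 hash, else None


def parse_error(status: int, headers: dict[str, str]) -> AuthApiError | None:
    """Return None for the documented success codes, else a structured error."""
    if status in (200, 202, 204):
        return None
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    # Treat x-error as untrusted text: drop control characters, cap the length.
    message = CONTROL.sub(" ", h.get("x-error", ""))[:200].strip()
    raw_id = h.get("x-error-id", "").strip()
    error_id = raw_id.lower() if MD5_HEX.fullmatch(raw_id) else None
    return AuthApiError(status, ACTIONS.get(status, "unexpected"),
                        message or "(no x-error header)", error_id)


def log_line(err: AuthApiError) -> str:
    """One log record per error; error_id is the value to quote to support."""
    return (f"auth-api status={err.status} action={err.action} "
            f"error_id={err.error_id or '-'} msg={err.message!r}")


# Constructed sample response headers, not captured from the real service.
SAMPLE_HEADERS = {
    "X-Error": "invalid session\r\nauth-api status=200",
    "X-Error-Id": "9E107D9D372BB6826BD81D3542A419D6",
}

if __name__ == "__main__":
    print(log_line(parse_error(401, SAMPLE_HEADERS)))
```
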