# Authentication and authorization

Create and manage customer access tokens.

## Creating a new customer

> Creates a new customer account.\
> \
> **Note**: The request needs to be authorized with an anonymous access token.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"schemas":{"ResourceLocation":{"type":"object","title":"Resource Location","description":"Schema for showing location of the new resource.","properties":{"id":{"description":"Resource identifier.","type":"string"}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. 
This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}},"CustomerSignup":{"type":"object","properties":{"email":{"minLength":1,"type":"string","description":"Customer email address."},"password":{"minLength":1,"type":"string","description":"Customer account password."},"customerDetails":{"$ref":"#/components/schemas/CustomerUpdateDto","description":"If customer details are provided, the `contactEmail` value has to be the same as in the `email` property of the contact."},"customerAddress":{"$ref":"#/components/schemas/Address"},"signup":{"$ref":"#/components/schemas/PasswordAuthentication","description":"Customer email and password used for separate login credentials to the frontend. 
Use these if you want to log in with a different email than the main contact email."}},"required":["email","password"]},"CustomerUpdateDto":{"allOf":[{"$ref":"#/components/schemas/CustomerCommonDto"},{"type":"object","properties":{"contactEmail":{"type":"string"}}}]},"CustomerCommonDto":{"title":"CustomerCommonDto","type":"object","properties":{"title":{"type":"string"},"firstName":{"type":"string"},"middleName":{"type":"string"},"lastName":{"type":"string"},"contactPhone":{"type":"string"},"company":{"type":"string"},"preferredLanguage":{"type":"string","default":"en_US","description":"Customer preferred language."},"preferredCurrency":{"type":"string","default":"USD","description":"Customer's preferred currency, compliant with the ISO 4217 standard.","minLength":3,"maxLength":3},"preferredSite":{"type":"string","default":"main","description":"Customer preferred site."},"b2b":{"$ref":"#/components/schemas/B2BCreate"},"metadata":{"$ref":"#/components/schemas/DefaultDtoMetadata"},"mixins":{"type":"object","description":"Customer account additional properties.","additionalProperties":true}}},"B2BCreate":{"type":"object","description":"Additional properties for B2B customer. 
If the `companyRegistrationId` property is provided, an additional validation for customer details executes - `firstName`, `lastName` and `company` values have to be provided.","properties":{"companyRegistrationId":{"type":"string","description":"Registration number of the company."}}},"DefaultDtoMetadata":{"title":"DefaultDtoMetadata","type":"object","allOf":[{"$ref":"#/components/schemas/BasicMetadataDto"},{"type":"object","properties":{"version":{"type":"integer"}}}]},"BasicMetadataDto":{"title":"DefaultDtoMetadata","type":"object","properties":{"mixins":{"type":"object","additionalProperties":true}},"description":"Links to mixin schemas."},"Address":{"type":"object","description":"Customer address information.","properties":{"id":{"type":"string","description":"Customer address' unique identifier generated when the address is added to the customer account."},"contactName":{"type":"string"},"companyName":{"type":"string"},"street":{"type":"string"},"streetNumber":{"type":"string"},"streetAppendix":{"type":"string"},"extraLine1":{"type":"string"},"extraLine2":{"type":"string"},"extraLine3":{"type":"string"},"extraLine4":{"type":"string"},"zipCode":{"type":"string"},"city":{"type":"string"},"country":{"type":"string","maxLength":2,"minLength":2},"state":{"type":"string"},"contactPhone":{"type":"string"},"isDefault":{"type":"boolean","default":false,"description":"Flag indicating whether the address is the customer default address."},"tags":{"type":"array","description":"","items":{"type":"string"}},"metadata":{"$ref":"#/components/schemas/DefaultDtoMetadata"},"mixins":{"type":"object","description":"Customer address' additional properties.","additionalProperties":true}},"required":["contactName"]},"PasswordAuthentication":{"type":"object","properties":{"email":{"minLength":1,"type":"string","description":"Customer email address."},"password":{"minLength":6,"type":"string","description":"Customer account 
password."}},"required":["email","password"]}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}},"403_forbidden":{"description":"Given authorization scopes are not sufficient and do not match scopes required by the endpoint.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"409_conflict":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}}}},"paths":{"/customer/{tenant}/signup":{"post":{"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceLocation"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"},"403":{"$ref":"#/components/responses/403_forbidden"},"409":{"$ref":"#/components/responses/409_conflict"}},"description":"Creates a new customer account.\n\n**Note**: The request needs to be authorized with an anonymous access token.","operationId":"POST-customer-create-customer-account","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CustomerSignup"}}},"required":false,"description":""},"summary":"Creating a new customer","tags":["Authentication and authorization"]}}}}
```

## Requesting an anonymous token

> Sends an authentication request and returns an anonymous token. This operation creates a new session-context document.\
> \
> An anonymous token is valid for one hour. After that time, it should be refreshed to keep the same session ID associated with it.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io","description":"Production"}],"paths":{"/customerlogin/auth/anonymous/login":{"get":{"tags":["Authentication and authorization"],"summary":"Requesting an anonymous token","description":"Sends an authentication request and returns an anonymous token. This operation causes creation of a new session-context document.\n\nAnonymous token is valid for one hour. After that time it should be refreshed in order to keep the same session ID associated.\n","operationId":"GET-oauth-generate-anonymous-access-token","parameters":[{"name":"tenant","in":"query","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"client_id","in":"query","description":"Your Emporix API key - client ID.","required":true,"schema":{"type":"string"}},{"name":"currency","in":"query","description":"Three-letter currency code to set in the session context.","required":false,"schema":{"type":"string"}},{"name":"siteCode","in":"query","description":"Code of the site to set in the session context, as defined in the Site Settings Service.","required":false,"schema":{"type":"string"}},{"name":"language","in":"query","description":"Language to set in the session context.","required":false,"schema":{"type":"string"}},{"name":"targetLocation","in":"query","description":"Country code to set in the session context, as defined in the Country Service.","required":false,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
An anonymous token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AnonymousAccessToken"}}}}}}}},"components":{"schemas":{"AnonymousAccessToken":{"type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"expires_in":{"type":"integer","format":"int32"},"sessionId":{"type":"string"},"scope":{"type":"string"}}}}}}
```

## Refreshing an anonymous token

> Sends an authentication request and returns a new anonymous token with the same session ID attached.\
> \
> This operation updates the session-context document that has the given session ID.\
> \
> An anonymous token is valid for one hour. After that time, another request to refresh the anonymous token should be sent.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io","description":"Production"}],"paths":{"/customerlogin/auth/anonymous/refresh":{"get":{"tags":["Authentication and authorization"],"summary":"Refreshing an anonymous token","description":"Sends an authentication request and returns new anonymous token with same session ID attached.\n\nThis operation causes update of a session-context document with given session ID.\n\nAnonymous token is valid for one hour. After that time, another refresh anonymous token request should be sent.\n","operationId":"GET-oauth-refresh-anonymous-access-token","parameters":[{"name":"tenant","in":"query","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"anonymous_token","in":"query","description":"NOTE: It's recommended to use `refresh_token` parameter instead. <br>Anonymous token that needs to be refreshed so that the same session ID will be kept. Provide the value of the `access_token` you get in response to requesting a token request.","required":true,"deprecated":true,"schema":{"type":"string"}},{"name":"refresh_token","in":"query","description":"A refresh token generated when the anonymous token is created.","required":true,"schema":{"type":"string"}},{"name":"client_id","in":"query","description":"Your Emporix API key - client ID.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
An anonymous token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AnonymousAccessToken"}}}}}}}},"components":{"schemas":{"AnonymousAccessToken":{"type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"expires_in":{"type":"integer","format":"int32"},"sessionId":{"type":"string"},"scope":{"type":"string"}}}}}}
```

## Logging in a customer

> Logs in a customer and sends an authentication request.\
> Returns two customer tokens:
>
> - Customer access token
> - Customer SaaS token
>
> **Note**: The request needs to be authorized with an anonymous access token.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"schemas":{"CustomerToken":{"description":"","type":"object","allOf":[{"$ref":"#/components/schemas/RefreshCustomerToken"}],"properties":{"saasToken":{"type":"string","minLength":1,"deprecated":true},"saas_token":{"type":"string","minLength":1},"initialPassword":{"type":"string","description":"Indicates if login was performed with password created by an employee"}}},"RefreshCustomerToken":{"description":"","type":"object","properties":{"accessToken":{"type":"string","minLength":1,"deprecated":true},"expiresIn":{"type":"number","format":"int32","deprecated":true},"refreshToken":{"type":"string","minLength":1,"deprecated":true},"refreshTokenExpiresIn":{"type":"number","format":"int32","deprecated":true},"access_token":{"type":"string","minLength":1},"expires_in":{"type":"number","format":"int32"},"refresh_token":{"type":"string","minLength":1},"refresh_token_expires_in":{"type":"number","format":"int32"},"token_type":{"type":"string"},"session_id":{"type":"string"}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}},"PasswordAuthentication":{"type":"object","properties":{"email":{"minLength":1,"type":"string","description":"Customer email address."},"password":{"minLength":6,"type":"string","description":"Customer account password."}},"required":["email","password"]}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. 
Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}}},"paths":{"/customer/{tenant}/login":{"post":{"responses":{"200":{"description":"The request was successful. A customer token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CustomerToken"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"description":"Logs in a customer and sends an authentication request.  \nReturns two customer tokens:\n  - Customer access token\n  - Customer SaaS token\n\n  **Note**: The request needs to be authorized with an anonymous access token.","operationId":"POST-customer-authenticate-customer","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PasswordAuthentication"}}},"required":true},"summary":"Logging in a customer","tags":["Authentication and authorization"]}}}}
```

## Logging out a customer

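> Logs out a customer and invalidates their customer token.\
> \
> **Note**: The request needs to be authorized with a customer access token.\
> \
> The token to invalidate is sent in the `accessToken` query parameter, so it is part of the request URL; redact it in access logs and monitoring tools.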

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"CustomerAccessToken":[]}],"components":{"securitySchemes":{"CustomerAccessToken":{"type":"http","scheme":"bearer","description":"To generate a customer access token, go to the 'Logging in a customer' endpoint."}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}},"schemas":{"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. 
This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}}},"paths":{"/customer/{tenant}/logout":{"get":{"responses":{"204":{"description":"No Content"},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"description":"Logs out a customer and invalidates their customer token.\n\n**Note**: The request needs to be authorized with a customer access token.","operationId":"GET-customer-logout-customer","parameters":[{"name":"accessToken","in":"query","required":true,"description":"Customer access token to be invalidated.","schema":{"type":"string"}}],"tags":["Authentication and authorization"],"summary":"Logging out a customer"}}}}
```

## Refreshing a customer token

> Sends an authentication request and returns a refresh token.\
> \
> **Note**: The request needs to be authorized with an anonymous access token.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"schemas":{"RefreshCustomerToken":{"description":"","type":"object","properties":{"accessToken":{"type":"string","minLength":1,"deprecated":true},"expiresIn":{"type":"number","format":"int32","deprecated":true},"refreshToken":{"type":"string","minLength":1,"deprecated":true},"refreshTokenExpiresIn":{"type":"number","format":"int32","deprecated":true},"access_token":{"type":"string","minLength":1},"expires_in":{"type":"number","format":"int32"},"refresh_token":{"type":"string","minLength":1},"refresh_token_expires_in":{"type":"number","format":"int32"},"token_type":{"type":"string"},"session_id":{"type":"string"}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. 
Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}}},"paths":{"/customer/{tenant}/refreshauthtoken":{"get":{"responses":{"200":{"description":"The request was successful. A refresh token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RefreshCustomerToken"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"description":"Sends an authentication request and returns a refresh token.\n\n**Note**: The request needs to be authorized with an anonymous access token.","operationId":"GET-customer-refresh-authtoken","tags":["Authentication and authorization"],"parameters":[{"name":"tenant","in":"path","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"Authorization","in":"header","description":"Customer access token generated when the customer token is created.","required":true,"schema":{"type":"string"}},{"name":"refreshToken","in":"query","description":"Customer refresh token generated when a customer token is requested.","required":true,"schema":{"type":"string"}},{"name":"legalEntityId","in":"query","description":"Identifier of the legal entity associated with the user session.","schema":{"type":"string"}}],"summary":"Refreshing a customer token"}}}}
```

## Validate a token

> Checks whether a token is valid. If the token is invalid, it returns a 401 status code. If the token is valid, it provides the token details.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io","description":"Production"}],"security":[{"CustomerAccessToken":[]}],"components":{"securitySchemes":{"CustomerAccessToken":{"type":"http","scheme":"bearer","description":"To generate a customer access token, go to the 'Logging in a customer' endpoint."}},"schemas":{"ValidateTokenResponse":{"type":"object","properties":{"token_type":{"type":"string","description":"Type of the token. Usually it's `Bearer`."},"expires_in":{"type":"integer","format":"int32","description":"Specifies the token's expiration time, represented in seconds."},"scope":{"type":"string","description":"A list of scopes assigned to the user."},"sessionId":{"type":"string","description":"Identifier of the user session."},"email":{"type":"string","description":"Customer email used to login (generate the token)."},"legalEntityId":{"type":"string","description":"Legal Entity ID."}}}}},"paths":{"/customer/{tenant}/validateauthtoken":{"get":{"tags":["Authentication and authorization"],"summary":"Validate a token","description":"Checks whether a token is valid. If the token is invalid, it returns a 401 status code. If the token is valid, it provides the token details.","operationId":"GET-customer-validate-token","parameters":[{"name":"tenant","in":"path","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"Authorization","in":"header","description":"Customer access token generated upon the customer token creation.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
The token details are returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidateTokenResponse"}}}},"401":{"description":"Unauthorized"}}}}}}
```

## Exchanging an external access token for an Emporix customer token

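> Exchanges an external access token (for example, from an identity provider such as Keycloak) for an Emporix customer access token.\
> \
> **Note**: The request needs to be authorized with an anonymous token.\
> \
> The external token is sent in the `subjectAccessToken` query parameter, so it is part of the request URL; redact it in access logs and monitoring tools.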

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[],"paths":{"/customer/{tenant}/exchangeauthtoken":{"post":{"tags":["Authentication and authorization"],"summary":"Exchanging an external access token for an Emporix customer token","description":"Exchanges an external access token (for example, from an identity provider such as Keycloak) for an Emporix customer access token.\n\n**Note**: The request needs to be authorized with an anonymous token.","operationId":"POST-customer-exchange-authtoken","parameters":[{"$ref":"#/components/parameters/tenant"},{"name":"subjectAccessToken","in":"query","description":"The subject access token (JWT) to exchange for a customer token.","required":true,"schema":{"type":"string"}},{"name":"config","in":"query","description":"Configuration identifier (for example, `site_PL`). If not provided, the default configuration is used.\nIf a non-existing configuration is provided, the request returns 400 Bad Request.\n","required":false,"schema":{"type":"string"}},{"name":"Authorization","in":"header","description":"Anonymous token used to authorize the exchange.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
A customer token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ExchangeAuthTokenResponse"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"},"403":{"$ref":"#/components/responses/403_forbidden"}}}}},"components":{"parameters":{"tenant":{"name":"tenant","in":"path","required":true,"description":"Your Emporix tenant name.\n\n**Note**: The tenant should always be written in lowercase.\n","schema":{"pattern":"^[a-z][a-z0-9]+$","minLength":3,"maxLength":16,"type":"string"}}},"schemas":{"ExchangeAuthTokenResponse":{"description":"Response returned when exchanging an external subject access token for an Emporix customer token.","type":"object","properties":{"subject_access_token":{"type":"string","description":"The subject access token (JWT) that was exchanged."},"access_token":{"type":"string","minLength":1,"description":"Customer access token."},"saas_token":{"type":"string","minLength":1,"description":"SaaS token for the session."},"refresh_token":{"type":"string","minLength":1,"description":"Token used to refresh the customer access token."},"refresh_token_expires_in":{"type":"integer","format":"int32","description":"Expiration time of the refresh token in seconds."},"session_idle_time":{"type":"integer","format":"int32","description":"Session idle time in seconds."},"token_type":{"type":"string","description":"Type of the token. Usually `Bearer`."},"expires_in":{"type":"integer","format":"int32","description":"Expiration time of the access token in seconds."},"scope":{"type":"string","description":"List of scopes assigned to the customer."},"session_id":{"type":"string","description":"Session identifier."}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. 
Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}},"403_forbidden":{"description":"Given authorization scopes are not sufficient and do not match scopes required by the endpoint.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}}}}}
```

## Logging in a customer with social login

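> Logs in a customer using an authorization code from Auth0 and retrieves a standard customer token. The `code`, `redirect_uri` and, for PKCE, `code_verifier` values are sent as query parameters, so redact them wherever request URLs are logged.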

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}},"schemas":{"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. 
This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}}},"paths":{"/customer/{tenant}/socialLogin":{"post":{"summary":"Logging in a customer with social login","operationId":"POST-customer-login-customer-by-auth0","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"description":"","type":"object","properties":{"social_access_token":{"type":"string"},"social_id_token":{"type":"string"},"refresh_token":{"type":"string"},"refresh_token_expires_in":{"type":"string"},"session_idle_time":{"type":"integer"},"token_type":{"type":"string"},"access_token":{"type":"string"},"saas_token":{"type":"string"},"expires_in":{"type":"string"},"scope":{"type":"string"}}}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"parameters":[{"schema":{"type":"string"},"in":"header","name":"session-id","description":"Anonymous customer unique session identifier.","required":false},{"schema":{"type":"string"},"in":"query","name":"code","description":"The authorization code received from the identity provider.","required":true},{"schema":{"type":"string"},"in":"query","name":"redirect_uri","description":"The redirect URI that was used in the initial authorization request.","required":true},{"schema":{"type":"string"},"in":"query","name":"code_verifier","description":"Required only if using PKCE (Proof Key for Code Exchange) flow.","required":false}],"description":"Logs in a customer using an authentication code from Auth0 and retrieves a standard customer token.","tags":["Authentication and 
authorization"]}}}}
```
