2015-09-14 14:49:27 +02:00
|
|
|
swagger: '2.0'
|
|
|
|
|
info:
|
|
|
|
|
title: "Matrix Client-Server v1 Registration and Login API"
|
|
|
|
|
version: "1.0.0"
|
|
|
|
|
host: localhost:8008
|
|
|
|
|
schemes:
|
|
|
|
|
- https
|
|
|
|
|
- http
|
|
|
|
|
basePath: /_matrix/client/api/v1
|
|
|
|
|
consumes:
|
|
|
|
|
- application/json
|
|
|
|
|
produces:
|
|
|
|
|
- application/json
|
|
|
|
|
securityDefinitions:
|
|
|
|
|
accessToken:
|
|
|
|
|
type: apiKey
|
|
|
|
|
description: The user_id or application service access_token
|
|
|
|
|
name: access_token
|
|
|
|
|
in: query
|
|
|
|
|
paths:
|
|
|
|
|
"/login":
|
|
|
|
|
post:
|
|
|
|
|
summary: Authenticates the user.
|
|
|
|
|
description: |-
|
|
|
|
|
Authenticates the user by password, and issues an access token they can
|
|
|
|
|
use to authorize themself in subsequent requests.
|
|
|
|
|
security:
|
|
|
|
|
- accessToken: []
|
|
|
|
|
parameters:
|
|
|
|
|
- in: body
|
|
|
|
|
name: body
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
example: |-
|
|
|
|
|
{
|
|
|
|
|
"username": "cheeky_monkey",
|
|
|
|
|
"password": "ilovebananas"
|
|
|
|
|
}
|
|
|
|
|
properties:
|
|
|
|
|
username:
|
|
|
|
|
type: string
|
|
|
|
|
description: The fully qualified user ID or just local part of the user ID, to log in.
|
|
|
|
|
password:
|
|
|
|
|
type: string
|
|
|
|
|
description: The user's password.
|
|
|
|
|
required: ["username", "password"]
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: The user has been authenticated.
|
|
|
|
|
examples:
|
|
|
|
|
application/json: |-
|
|
|
|
|
{
|
|
|
|
|
"user_id": "@cheeky_monkey:matrix.org",
|
|
|
|
|
"access_token": "abc123",
|
|
|
|
|
"home_server": "matrix.org"
|
|
|
|
|
}
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
user_id:
|
|
|
|
|
type: string
|
|
|
|
|
description: The fully-qualified Matrix ID that has been registered.
|
|
|
|
|
access_token:
|
|
|
|
|
type: string
|
2015-09-15 17:23:19 +02:00
|
|
|
description: |-
|
|
|
|
|
An access token for the account.
|
|
|
|
|
This access token can then be used to authorize other requests.
|
2015-09-25 14:03:46 +02:00
|
|
|
The access token may expire at some point, and if so, it SHOULD come with a ``refresh_token``.
|
2015-09-15 17:23:19 +02:00
|
|
|
There is no specific error message to indicate that a request has failed because
|
|
|
|
|
an access token has expired; instead, if a client has reason to believe its
|
|
|
|
|
access token is valid, and it receives an auth error, they should attempt to
|
|
|
|
|
refresh for a new token on failure, and retry the request with the new token.
|
|
|
|
|
refresh_token:
|
|
|
|
|
type: string
|
|
|
|
|
# TODO: Work out how to linkify /tokenrefresh
|
|
|
|
|
description: |-
|
|
|
|
|
(optional) A ``refresh_token`` may be exchanged for a new ``access_token`` using the /tokenrefresh API endpoint.
|
2015-09-14 14:49:27 +02:00
|
|
|
home_server:
|
|
|
|
|
type: string
|
|
|
|
|
description: The hostname of the Home Server on which the account has been registered.
|
|
|
|
|
403:
|
|
|
|
|
description: |-
|
|
|
|
|
The login attempt failed. For example, the password may have been incorrect.
|
|
|
|
|
examples:
|
|
|
|
|
application/json: |-
|
|
|
|
|
{"errcode": "M_FORBIDDEN"}
|
|
|
|
|
429:
|
|
|
|
|
description: This request was rate-limited.
|
|
|
|
|
schema:
|
|
|
|
|
"$ref": "definitions/error.yaml"
|
2015-09-15 17:23:19 +02:00
|
|
|
"/tokenrefresh":
|
|
|
|
|
post:
|
|
|
|
|
summary: Exchanges a refresh token for an access token.
|
|
|
|
|
description: |-
|
|
|
|
|
Exchanges a refresh token for a new access token.
|
|
|
|
|
This is intended to be used if the access token has expired.
|
|
|
|
|
security:
|
|
|
|
|
- accessToken: []
|
|
|
|
|
parameters:
|
|
|
|
|
- in: body
|
|
|
|
|
name: body
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
example: |-
|
|
|
|
|
{
|
|
|
|
|
"refresh_token": "a1b2c3"
|
|
|
|
|
}
|
|
|
|
|
properties:
|
|
|
|
|
refresh_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: The refresh token which was issued by the server.
|
|
|
|
|
required: ["refresh_token"]
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: |-
|
|
|
|
|
The refresh token was accepted, and a new access token has been issued.
|
2015-09-25 14:10:49 +02:00
|
|
|
The passed refresh token is no longer valid and cannot be used.
|
2015-09-25 14:17:11 +02:00
|
|
|
A new refresh token will have been returned unless some policy does
|
|
|
|
|
not allow the user to continue to renew their session.
|
2015-09-15 17:23:19 +02:00
|
|
|
examples:
|
|
|
|
|
application/json: |-
|
|
|
|
|
{
|
|
|
|
|
"access_token": "bearwithme123",
|
|
|
|
|
"refresh_token": "exchangewithme987"
|
|
|
|
|
}
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
access_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: |-
|
|
|
|
|
An access token for the account.
|
|
|
|
|
This access token can then be used to authorize other requests.
|
2015-09-25 14:03:46 +02:00
|
|
|
The access token may expire at some point, and if so, it SHOULD come with a ``refresh_token``.
|
2015-09-15 17:23:19 +02:00
|
|
|
refresh_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: (optional) A ``refresh_token`` may be exchanged for a new ``access_token`` using the TODO Linkify /tokenrefresh API endpoint.
|
|
|
|
|
403:
|
|
|
|
|
description: |-
|
|
|
|
|
The exchange attempt failed. For example, the refresh token may have already been used.
|
|
|
|
|
examples:
|
|
|
|
|
application/json: |-
|
|
|
|
|
{"errcode": "M_FORBIDDEN"}
|
|
|
|
|
429:
|
|
|
|
|
description: This request was rate-limited.
|
|
|
|
|
schema:
|
|
|
|
|
"$ref": "definitions/error.yaml"
|
