Registering for an account

POST /auth/register/

Registers a new pointercrate account.

When registering, you only choose your username and your password. The username may only contain alphanumeric characters, underscores and spaces, and needs to be at least 3 characters long. The password must be at least 10 characters long; no further restrictions are imposed on it.

The username isn't changeable afterward, but you can set your display_name to nearly any value you want via PATCH /auth/me/.

Registering for an account does not provide an access token; one needs to be acquired by using the login endpoint.

Request:

| Header | Expected Value | Optional |
| --- | --- | --- |
| Content-Type | application/json or multipart/form-data | false |

| Field | Type | Description | Optional |
| --- | --- | --- | --- |
| name | string | Your username | false |
| password | string | Your password | false |

Response: 201 CREATED

| Header | Value |
| --- | --- |
| Content-Type | application/json |
| Location | /auth/me/ |
| ETag | base64 encoded hash of your user object |

| Field | Type | Description |
| --- | --- | --- |
| data | User | A user object representing your newly registered account |

Errors:

| Status code | Error code | Description |
| --- | --- | --- |
| 409 | 40902 | The chosen name is already in use |
| 422 | 42202 | The chosen name does not meet the above mentioned criteria |
| 422 | 42204 | The chosen password is too short |

Example request:

POST /api/v1/auth/register/
     Accept: application/json
     Content-Type: application/json
     
     {
         "name": "stadust",
         "password": "password123"
     }

Login to a pointercrate account

POST /auth/

Logs into an existing pointercrate user account.

Request:

| Header | Expected Value | Optional |
| --- | --- | --- |
| Authorization | Basic access authentication header | false |

Response: 200 OK

| Header | Value |
| --- | --- |
| Content-Type | application/json |
| ETag | base64 encoded hash of your user object |

| Field | Type | Description |
| --- | --- | --- |
| data | User | A user object representing the account you just logged into |
| token | Pointercrate access token | Your access token to use when performing requests to the pointercrate api |

Example request:

POST /api/v1/auth/
     Accept: application/json
     Authorization: Basic <omitted>

Invalidating access tokens

POST /auth/invalidate/

Invalidates all access tokens to your account.

Request:

| Header | Expected Value | Optional |
| --- | --- | --- |
| Authorization | Basic access authentication header | false |

Response: 204 NO CONTENT

Nothing

Example request:

POST /api/v1/auth/invalidate/
     Accept: application/json
     Authorization: Basic <omitted>

Retrieve account information

GET /auth/me/

Gets information about the currently logged in account (that is, the account whose access token is sent).

Request:

| Header | Expected Value | Optional |
| --- | --- | --- |
| Authorization | Pointercrate access token | false |
| If-Match | Conditional request header. If the etag value of the requested data matches any of the values provided here, the data is returned as requested. Otherwise, a 412 PRECONDITION FAILED response is generated | true |
| If-None-Match | Conditional request header. If the etag value of the requested data does not match any of the values provided here, it is returned as requested. Otherwise, a 304 NOT MODIFIED response is generated | true |

Response: 200 OK

| Header | Value |
| --- | --- |
| Content-Type | application/json |
| ETag | base64 encoded hash of your user object |

| Field | Type | Description |
| --- | --- | --- |
| data | User | A user object representing the account you just logged into |

Response: 304 NOT MODIFIED

Returned if the If-None-Match header is set, and the etag for the user object matches one of the set values.

| Header | Value |
| --- | --- |
| ETag | base64 encoded hash of your user object |

Example request:

GET /api/v1/auth/me/
     Accept: application/json
     Authorization: Bearer <omitted>

Modifying your account

PATCH /auth/me/

Modifies the currently logged in account (that is, the account whose credentials are sent).

Note that after updating your password, you will have to log in again, as changing passwords invalidates access tokens.

Modifying your account requires you to provide your password instead of just an access token, to ensure that if you for some reason leak your access token, other people at least cannot change your password, allowing you to invalidate the leaked token by doing so yourself.

Request:

| Header | Expected Value | Optional |
| --- | --- | --- |
| Content-Type | application/merge-patch+json | false |
| Authorization | Basic access authentication header | false |
| If-Match | Conditional request header. Needs to be set to the current etag value of the user object | false |

| Field | Type | Description | Optional |
| --- | --- | --- | --- |
| password | string | Set to update your password | true |
| display_name | string | Set to update your display name. Set to null to reset it | true |
| youtube_channel | string | Set to update the link to your youtube channel displayed along with your name | true |

Response: 200 OK

| Header | Value |
| --- | --- |
| Content-Type | application/json |
| ETag | base64 encoded hash of your user object |

| Field | Type | Description |
| --- | --- | --- |
| data | User | A user object representing the account you just logged into |

Response: 304 NOT MODIFIED

Returned when the PATCH operation did not make any changes. Note that this is also returned when you only change your password, as your hashed password is not part of your user object hash.

| Header | Value |
| --- | --- |
| ETag | base64 encoded hash of your user object |

Errors:

| Status code | Error code | Description |
| --- | --- | --- |
| 400 | 40003 | Invalid data type for requested field |
| 403 | 40302 | The requested field cannot be updated via this endpoint |
| 412 | 41200 | The value provided in the If-Match header doesn't match the current state of the object |
| 418 | 41800 | No If-Match header was provided |
| 422 | 42202 | The chosen name does not meet the criteria described here |
| 422 | 42204 | The chosen password is too short |
| 422 | 42205 | The requested field does not exist |
| 422 | 42211 | null is not allowed for the requested field |

Example request:

PATCH /api/v1/auth/me/
     Accept: application/json
     Authorization: Basic <omitted>
     Content-Type: application/merge-patch+json
     If-Match: ugiyhd6DWxIBtdbUlB3UhPbJppU=
     
     {
         "display_name": "stardust1971",
         "password": "password1234"
     }
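
The read-then-write flow this endpoint expects, as an added example that is not part of the pointercrate documentation or code base: the current ETag is fetched with the access token, the PATCH is sent with the password and that ETag in If-Match, and a 412 triggers a refetch and retry. The `send` transport, `patch_account` and `make_fake_send` are hypothetical names, and the canned ETags and statuses are constructed so the block runs offline.

```python
import base64
import json

API = "/api/v1"  # prefix used in the page's example requests

def basic_auth(name, password):
    """Value for an `Authorization: Basic` header."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()

def patch_account(send, name, password, token, changes, retries=2):
    """PATCH /auth/me/ with If-Match; refetch the ETag and retry on 412.

    `send(method, path, headers, body)` is a hypothetical transport that
    returns (status, headers). Returns (outcome, must_log_in_again).
    """
    relogin = "password" in changes  # a password change invalidates tokens
    for _ in range(retries + 1):
        # Reading the current ETag only needs the access token.
        status, headers = send("GET", API + "/auth/me/",
                               {"Authorization": "Bearer " + token}, None)
        if status != 200:
            return f"error {status}", False
        # Writing needs the password and the ETag that was just read.
        status, _ = send("PATCH", API + "/auth/me/", {
            "Authorization": basic_auth(name, password),
            "Content-Type": "application/merge-patch+json",
            "If-Match": headers["ETag"],
        }, json.dumps(changes))
        if status == 200:
            return "updated", relogin
        if status == 304:  # also the answer to a password-only change
            return "unchanged", relogin
        if status != 412:  # 400/403/418/422: retrying will not help
            return f"error {status}", False
    return "conflict", False

def make_fake_send(etags, patch_statuses):
    """Constructed stand-in for the server: replays canned ETags and statuses."""
    log = []
    def send(method, path, headers, body):
        log.append((method, headers.get("If-Match")))
        if method == "GET":
            return 200, {"ETag": etags.pop(0)}
        return patch_statuses.pop(0), {}
    return send, log
```

A 304 after a password-only change still means the old access tokens are gone, which is why the second return value is derived from the request body rather than from the status code.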

Deleting your account

DELETE /auth/me/

Deletes your pointercrate account. Note that this action is irreversible!

Deleting your account requires you to provide your password instead of just an access token, to ensure that if you for some reason leak your access token, other people at least cannot delete your account.

Request:

| Header | Expected Value | Optional |
| --- | --- | --- |
| Authorization | Basic access authentication header | false |
| If-Match | Conditional request header. Needs to be set to the current etag value of the user object | false |

Response: 204 NO CONTENT

Nothing

Errors:

| Status code | Error code | Description |
| --- | --- | --- |
| 412 | 41200 | The value provided in the If-Match header doesn't match the current state of the object |
| 418 | 41800 | No If-Match header was provided |

Example request:

DELETE /api/v1/auth/me/
     Accept: application/json
     Authorization: Basic <omitted>