All request must be signed (see util/signRequest.js for detail).
POST /signup
--
Request
{
method: String, // username/phone
account: String, // username/phone number
secret: String // password
}
Response
[{
_id: String
}]
POST /authorize
--
Request
{
method: String, // username/phone
account: String, // username/phone number
secret: String // password
}
Response
[
{
token: String,
expireAt: Number,
scope: {
scopeId: String,
scopeName: String
}, // only presents when user is owner of an application.
roles: [{
_id: String,
scopeId: String,
scope: String,
scopeName: String,
name: String,
}],
permissions: [{
_id: String,
scopeId: String,
scope: String,
scopeName: String,
name: String,
}],
profiles: [{
application: String
}]
}
]