17.2. Loginapp REST API

The Loginapp REST API provides REST end-points for end-users. It is intended to be used by:

  • The Loginapp REST UI (login web browser application)
  • Custom login web applications
  • Mobile apps
  • Other REST clients (e.g. banking offline tools).

Note that there is also a web UI (web browser application) for the Loginapp REST API. See 17.3. Loginapp REST UI for further information.

  • This chapter is about the REST API only.
  • See Loginapp REST API Reference for all available end-points and additional general information.

API Structure

The Loginapp REST API is roughly structured into the following parts:

  • Public end-points (authentication, self-registration, and other self-services)
  • Protected end-points (token self-management, user profile self-management, etc.)
  • OAuth Authorization Server end-points (OAuth/OIDC related)

General information

When sending REST requests to the API, make sure to:

  • Include a CSRF protection header (X-Same-Domain: 1)
  • Add the correct content-type header (Content-Type: application/json)
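
A client-side helper for the two header requirements above, as an added example that is not part of the product documentation. The base URL and endpoint path are constructed placeholders (the real paths are listed in the Loginapp REST API Reference), and the https and same-host checks are assumptions added here, not documented API behaviour.

```python
import json
import urllib.request
from urllib.parse import urljoin, urlsplit

# Headers the documentation requires on every Loginapp REST request.
REQUIRED_HEADERS = {
    "X-Same-Domain": "1",                # CSRF protection header
    "Content-Type": "application/json",  # request bodies are JSON
}


def build_request(base_url, path, payload=None, method="POST"):
    """Build a urllib Request for base_url + path carrying the required headers."""
    base = urlsplit(base_url)
    if base.scheme != "https":  # assumption: login data must not travel in clear text
        raise ValueError("base_url must use https")
    url = urljoin(base_url.rstrip("/") + "/", path.lstrip("/"))
    # An absolute URL passed as `path` would send headers and body to another
    # host; refuse anything that leaves the configured server.
    target = urlsplit(url)
    if (target.scheme, target.netloc) != (base.scheme, base.netloc):
        raise ValueError("path resolves outside the configured server")
    body = json.dumps(payload).encode("utf-8") if payload is not None else None
    return urllib.request.Request(
        url, data=body, headers=REQUIRED_HEADERS, method=method
    )


def missing_headers(request):
    """Return the required header names that are absent or have a wrong value."""
    # urllib normalises header names, so compare case-insensitively.
    sent = {name.lower(): value for name, value in request.header_items()}
    return [
        name
        for name, value in REQUIRED_HEADERS.items()
        if sent.get(name.lower()) != value
    ]


if __name__ == "__main__":
    # Constructed placeholders: host, path and payload are not real values.
    req = build_request(
        "https://login.example.com/REST_BASE", "/sample/endpoint", {"key": "value"}
    )
    print(req.get_method(), req.full_url)
    print("missing headers:", missing_headers(req))
```

`missing_headers` can also be run over requests produced by other client code before they are sent, for example in a unit test of a custom login application.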
     

In the general part of the REST API configuration (Loginapp >> REST Settings), make sure to review or change the following general settings (relevant for all services):

  • Config Group Security Settings
  • Config Group Advanced Settings