Loginapp REST API

The Loginapp REST API provides REST end-points for end-users. It is intended to be used by:

• The Loginapp REST UI (login web browser application)
• Custom login web applications
• Mobile apps
• Other REST clients (e.g. banking offline tools).

Note that there is also a web UI (web browser application) for the Loginapp REST API. See Loginapp REST UI for further information.

• This chapter is about the REST API only.
• See Loginapp REST API Reference for all available end-points and additional general information.

The Loginapp REST API is roughly structured in the following parts:

• Public end-points (authentication, self-registration, and other self-services)
• Protected end-points (token self-management, user profile self-management, etc.)
• OAuth Authorization Server end-points (OAuth/OIDC related)

When sending REST requests to the API, pay special attention to:

• Include a CSRF protection header (X-Same-Domain: 1)
• Add the correct content-type header (Content-Type: application/json)
 

In the general part of the REST API configuration (Loginapp >> REST Settings) make sure to review or change the following general settings (relevant for all services):

• Config Group Security Settings
• Config Group Advanced Settings

• Loginapp REST UI
• Mapping Flow steps to REST API next step codes