GET /session/token

Content

Overview
API URLs
API Request Parameters
Revision History

Overview

Successful token redemption initiates a Process defined by ULM Cloud when the token was created. The invoked Process may be a single step (e.g., the Activate User Process verifies a user's email or mobile), or it may lead the user through more interactive steps wherein UIs and mobile apps need to collect additional information (e.g., the Accept or Decline Service Invite Process needs to onboard the invitee).

There are two variations on how action tokens are issued and redeemed:

A long-form, clickable verification link that includes a redirect URL and the actual token value (appended to the end of the URL string). Once the user clicks this link, the redirect URL should navigate back to the client application, and the application provides that token value in this API request URL.

A short-form, custom one-time-passcode (OTP) that represents the token value stored in ULM Cloud. The user must manually supply the OTP to a Process through the application UI, and the UI must then supply both the OTP and its corresponding PKAT in this API request URL.

API URLs

/session/token?token={token}
/session/token?customToken={otp}&pkat={pkat}

API Request Parameters

Parameter	Description
token	Action token value. Taken from the redirect URL.
opt	Short-form One Time Passcode that represents the actual action token issued and stored in ULM Cloud.
pkat	Proof Key for Action Token. Sent to the UI at the end of any Process that results in an action token being issued and sent to a user's specified contact channel. The PKAT is required for OTP verification.

As a UI and/or mobile app developer, you'll need to know your business' notification settings with regards to what token types are sent to your end users. For example, if the system is set up so that OTPs are issued to end users, then your application requires a UI screen that allows a user to provide the OTP to this API.

Revision History

Version	Description
2020.09	Added this topic.