Passwordless Login API
Description
A user can be logged in without a password using the API documented below.
This functionality can be used only in CloudCode (Java, JS or Codeless). The reason for this restriction is that malicious use of this API can easily compromise the application's security. As a result, this API must be used from a controlled environment. It is important that the REST API is used with the CloudCode API key.
Method
POST
Endpoint URL
https://api.backendless.com/<application-id>/<CLOUDCODE-api-key>/users/login
where:
Argument | Description |
---|---|
<application-id> | the ID of your application. You can obtain the value in the Manage > App Settings section of the Backendless Console. |
<CLOUDCODE-api-key> | CloudCode API key of your application. You can obtain the value in the Manage > App Settings section of the Backendless Console. |
Request Headers
Content-Type:application/json
where:
Argument | Description |
---|---|
Content-Type | must be set to application/json. This header is mandatory. |
Request Body
{
"objectId" : "user's objectId value"
}
where:
Argument | Description |
---|---|
objectId | Unique identifier of the user account which is used for login operation. |
Response Body
The user object containing user data.
{
"objectId" : value,
"user-token": value,
"prop-name1":value,
"prop-name2":value,
"prop-name3":value,
...
}
The "objectId" property is a unique identifier assigned by Backendless to the user account. The "user-token" value identifies the user session initiated by the Login operation.
Example
The example below logs in as the user account associated with the following objectId: "4D584E4D-05A3-4AC4-90C7-B80D1584E7AD".
curl --location --request POST 'https://api.backendless.com/28066942-8273-BE6Q-AAD4-A1ZK34948E11/DCBACAA6-EF5B-49AA-8013-7BDF7A3A9A6B/users/login' \
--header 'Content-Type: application/json' \
--data-raw '{
"objectId": "4D584E4D-05A3-4AC4-90C7-B80D1584E7AD"
}'
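The REST call above wrapped for server-side use, as an added example that is not Backendless code: the login request is only built after a server-side check has resolved the objectId, and the CloudCode API key is read from the environment. Assumptions: Node.js 18+ for the default fetch, the hypothetical environment variables BL_APP_ID and BL_CLOUDCODE_KEY, a hypothetical verifyProof callback, and an objectId shaped like the sample on this page.

```javascript
// Added example (not Backendless code). Assumes Node.js 18+ for the default fetch.
// BL_APP_ID, BL_CLOUDCODE_KEY and verifyProof are hypothetical names.
const API_HOST = 'https://api.backendless.com';
// Assumption: objectIds have the shape of the sample on this page.
const ID_SHAPE = /^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$/i;

// Build the POST documented above. The URL embeds the CloudCode API key,
// so it must never be logged or returned to a client.
function buildLoginRequest(appId, cloudCodeKey, objectId) {
  if (!appId || !cloudCodeKey) {
    throw new Error('missing application id or CloudCode API key');
  }
  if (typeof objectId !== 'string' || !ID_SHAPE.test(objectId)) {
    throw new Error('objectId has an unexpected shape');
  }
  const path = [appId, cloudCodeKey].map(encodeURIComponent).join('/');
  return {
    url: `${API_HOST}/${path}/users/login`,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ objectId }),
    },
  };
}

// verifyProof is a server-side check (for example a one-time code) that
// resolves to the objectId of the account it proved, or null. The objectId
// is never accepted from the client directly.
async function passwordlessLogin(proof, deps) {
  const { verifyProof, fetchImpl = fetch, env = process.env } = deps;
  const objectId = await verifyProof(proof);
  if (!objectId) return { ok: false, reason: 'proof rejected' };
  const { url, options } = buildLoginRequest(
    env.BL_APP_ID, env.BL_CLOUDCODE_KEY, objectId);
  const res = await fetchImpl(url, options);
  if (!res.ok) return { ok: false, reason: `login failed: HTTP ${res.status}` };
  const user = await res.json();
  // Hand back only what the caller needs, not the whole user object.
  return { ok: true, objectId: user.objectId, userToken: user['user-token'] };
}
```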
CloudCode Codeless Reference
where:
Argument | Description |
---|---|
object id | Unique identifier of the user account which is used for login operation. |
return user | Optional parameter. When this option is checked, the operation returns the user object containing user data. |
Important
This Codeless block is only available in CloudCode for security reasons. If this operation is exposed to users, then your application can be compromised.
This operation allows developers to log in to a specific user account without credentials such as identity or password. The operation only requires a unique identifier of a user (object id).
Consider the following record in the Users data table:
The example below logs in as "alice@yourmail.com" associated with the objectId: "4D584E4D-05A3-4AC4-90C7-B80D1584E7AD".
The user object will look as shown below after the Codeless logic runs: