k2mno5 / CS-411


login page a.k.a. Authorization #26

Closed jialuli3 closed 6 years ago

jialuli3 commented 6 years ago

Sign Up
para: email and password
return: Success message or Failure message
If sign-up is successful, return userID and token with status code 200; otherwise, respond with status code 400.
POST method
Example of input

{
    "email":"123@gmail.com",
    "password":"123456",
    "userName":"abc"
}

Success example

{
    "userID": 123,
    "token": 234433
}

Login
para: email and password
return: userID and token, or failure message
If the user is located, then return a userID and token with status code 200; otherwise, respond with status code 400.
POST method

{
    "email":"123@gmail.com",
    "password":"123456"
}

Success example

{
    "userID": 234587,
    "token": 22432423
}

Logout
para: userID and token
return: success message with status code 200, or failure message with status code 400
POST method

{
    "userID":"123234",
    "token":"123456"
}

Reset password
para: email, new password
return: success message or failure message (similar to sign up)
Update authorization

{
    "email":"123@gmail.com",
    "password":"123456"
}

GHLgh commented 6 years ago

What is login verification for?

On successful login, a token will be returned. Then the token will be used for any update activities. If the token is expired (the user didn't use the token for a while), those update activities will return a corresponding error message.

jialuli3 commented 6 years ago

I thought we don't use token for our case.

GHLgh commented 6 years ago

Uhh. Whatever you call it, "token" is just something for validation that is not part of user information.

Maybe there is a misunderstanding somewhere. Using userID earlier (in all other APIs) is because there is no login and thus there is no token to be used. But after login is implemented, we can generate a token upon user login and use it, because we have a token now.

And again, what is login verification for?

jialuli3 commented 6 years ago

I thought we don't use a token, so login verification is just to check whether the current userID is valid or not. But if we use a token, then we check if the token is valid.
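
Added example, not part of the original thread or the project's code: a sketch of the token flow discussed above, where login issues a token, update requests are verified against it, the token expires after a period without use, and logout revokes it. The names `SessionStore` and `IDLE_TIMEOUT`, the timeout value, the in-memory storage and the message strings are assumptions; the 200/400 status codes follow the issue, and the token is an unguessable random string rather than a number.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value, the thread does not give one


class SessionStore:
    """In-memory token store (assumption: the project would keep this in its database)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self._sessions = {}  # sha256(token) -> [user_id, last_used]
        self._idle_timeout = idle_timeout
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked session table does not expose live tokens.
        return hashlib.sha256(str(token).encode()).hexdigest()

    def login(self, user_id):
        """Call only after the password check succeeds; returns the login response body."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = [str(user_id), self._clock()]
        return {"userID": user_id, "token": token}

    def verify(self, user_id, token):
        """Return (status, message) for an update request carrying userID and token."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None or entry[0] != str(user_id):
            return 400, "invalid token"
        if self._clock() - entry[1] > self._idle_timeout:
            del self._sessions[key]  # an expired token cannot be revived
            return 400, "token expired"
        entry[1] = self._clock()  # sliding window: each use resets the idle timer
        return 200, "ok"

    def logout(self, user_id, token):
        """Revoke the token; a userID alone, or another user's token, is rejected."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None or entry[0] != str(user_id):
            return 400, "invalid token"
        del self._sessions[key]
        return 200, "logged out"
```

Checking only that a userID exists, the alternative raised in the thread, would accept any request that names a valid user; binding each request to a token issued at login is what ties it to a completed password check.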