techlore / plexus

Remove the fear of Android app compatibility on de-Googled devices.
https://plexus.techlore.tech
GNU General Public License v3.0

Add Passwordless Tokens #344

Closed tomkonidas closed 1 year ago

tomkonidas commented 1 year ago

By default, each verification code is valid for 10 minutes. You need to provide a unique device_id and email combination. The device ID can be any string. We will not store the email, only use it for verifying the client and then from then on we would tie reviews to the device_id (which holds no personal information).

The tokens will last 24 hours by default, and then you would need to renew them.

At the moment no route is locked behind the token, but in the near future POST /api/v1/apps/:package/rating and POST /api/v1/apps will require a valid token.

Flows

```mermaid
---
title: Device Registration Flow
---
sequenceDiagram
    participant client as Mobile Application
    participant api as Plexus API

    client ->> api: POST /api/v1/devices/register
    api -->> api: Send verification email
    api -->> client: OK: Passcode sent to email
    client ->> api: POST /api/v1/devices/verify
    api -->> client: OK: returns token
```

```mermaid
---
title: Device Token Renewal Flow
---
sequenceDiagram
    participant client as Mobile Application
    participant api as Plexus API

    client ->> api: POST /api/v1/devices/renew
    api -->> api: verifies token
    api -->> client: OK: returns a new signed token
```
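The three endpoints above, worked through as an added Python example (not Plexus's own code, and not tied to its actual storage or token format). The 10-minute passcode lifetime and 24-hour token lifetime are taken from the PR description; the 6-digit numeric passcode, the attempt limit, and the compact HMAC-SHA256 `payload.signature` token encoding are assumptions chosen for illustration. The email is used only to deliver the passcode and is never written to server state, matching the stated design of binding reviews to the `device_id` alone.

```python
import base64, hashlib, hmac, json, secrets, time
from dataclasses import dataclass

PASSCODE_TTL_SECONDS = 10 * 60    # from the PR: verification code valid for 10 minutes
TOKEN_TTL_SECONDS = 24 * 60 * 60  # from the PR: device token valid for 24 hours
MAX_VERIFY_ATTEMPTS = 5           # assumption: the PR does not state an attempt limit

@dataclass
class PendingVerification:
    """Per-device state between register and verify; the email is deliberately absent."""
    code_hash: bytes
    expires_at: float
    attempts: int = 0

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class DeviceAuth:
    def __init__(self, signing_key: bytes, clock=time.time, send_email=None):
        self._key = signing_key
        self._clock = clock                      # injectable for deterministic tests
        self._send_email = send_email or (lambda email, code: None)
        self._pending: dict[str, PendingVerification] = {}

    # POST /api/v1/devices/register
    def register(self, device_id: str, email: str) -> str:
        if not device_id or not email:
            raise ValueError("device_id and email are required")
        code = f"{secrets.randbelow(10**6):06d}"  # assumption: 6-digit numeric passcode
        self._pending[device_id] = PendingVerification(
            hashlib.sha256(code.encode()).digest(), self._clock() + PASSCODE_TTL_SECONDS)
        self._send_email(email, code)            # email leaves the server here; not stored
        return "OK: Passcode sent to email"

    # POST /api/v1/devices/verify
    def verify(self, device_id: str, code: str) -> str:
        pending = self._pending.get(device_id)
        if pending is None:
            raise PermissionError("no pending verification for this device")
        if self._clock() > pending.expires_at:
            del self._pending[device_id]
            raise PermissionError("passcode expired")
        pending.attempts += 1
        if pending.attempts > MAX_VERIFY_ATTEMPTS:
            del self._pending[device_id]         # brute-force guard: burn the code
            raise PermissionError("too many attempts")
        if not hmac.compare_digest(pending.code_hash, hashlib.sha256(code.encode()).digest()):
            raise PermissionError("invalid passcode")
        del self._pending[device_id]             # single use
        return self._issue_token(device_id)

    # POST /api/v1/devices/renew
    def renew(self, token: str) -> str:
        return self._issue_token(self.verify_token(token))

    def _issue_token(self, device_id: str) -> str:
        # assumption: compact "payload.signature" format, HMAC-SHA256 over canonical JSON
        claims = {"device_id": device_id, "exp": int(self._clock()) + TOKEN_TTL_SECONDS}
        payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
        return _b64(payload) + "." + _b64(hmac.new(self._key, payload, hashlib.sha256).digest())

    def verify_token(self, token: str) -> str:
        """Return the device_id if the token is authentic and unexpired."""
        try:
            payload_b64, sig_b64 = token.split(".")
            payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        except (ValueError, TypeError):
            raise PermissionError("malformed token")
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):   # check signature before trusting claims
            raise PermissionError("bad signature")
        claims = json.loads(payload)
        if self._clock() > claims["exp"]:
            raise PermissionError("token expired")
        return claims["device_id"]

def _rejects(fn) -> bool:
    try:
        fn()
        return False
    except PermissionError:
        return True

def demo() -> dict:
    """Walk both flows against a controllable clock; all sample data is constructed."""
    now, outbox = [1_700_000_000.0], []
    auth = DeviceAuth(b"constructed-demo-key", clock=lambda: now[0],
                      send_email=lambda email, code: outbox.append(code))
    auth.register("device-abc", "user@example.com")
    token = auth.verify("device-abc", outbox[-1])
    out = {"device_id": auth.verify_token(token),
           "replayed_code_rejected": _rejects(lambda: auth.verify("device-abc", outbox[-1]))}
    tampered = token[:-2] + ("BB" if token.endswith("AA") else "AA")
    out["tampered_rejected"] = _rejects(lambda: auth.verify_token(tampered))
    now[0] += TOKEN_TTL_SECONDS - 60                 # renew one minute before expiry
    new_token = auth.renew(token)
    now[0] += 120                                    # now past the original 24 h
    out["old_token_rejected"] = _rejects(lambda: auth.verify_token(token))
    out["new_token_device"] = auth.verify_token(new_token)
    auth.register("device-xyz", "other@example.com")
    now[0] += PASSCODE_TTL_SECONDS + 1               # passcode left unused for > 10 min
    out["stale_code_rejected"] = _rejects(lambda: auth.verify("device-xyz", outbox[-1]))
    return out
```

`demo()` exercises the edge cases a reviewer of this PR would ask about: a passcode is single use and dies after 10 minutes, a token whose signature has been altered is refused before its claims are read, and a token renewed shortly before the 24-hour mark keeps working while the original stops. Once the rating and app-submission routes are gated, `verify_token` is the check each of them would run on the bearer token.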