Identity Management

POST /signin

Requires authentication with server access token.

This endpoint generates an unique token (5 minutes of expiration time) sent to user's e-mail, that allows user to log-in to Schibsted account without providing his/hers credentials.

  • Only one token per user can be active at one time.
  • User doesn't have to be previously registered at Schibsted account.

You can further improve user's experience by setting context of token e-mail & confirmation page by providing a Client information.

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave us a comment.

Request

POST /api/2/signin

identifier

required

Email of the user

redirectUri

required

Where to redirect the user after completing signin request

remember

optional

Remember user on this device. 0 or 1, defaults to 1 which is remember

context

optional

Example request

curl
Minimal example
curl https://login.schibsted.com/api/2/signin \
   -X POST \
   -H "Authorization: Bearer [access token]" \
   -d "identifier=14" \
   -d "redirectUri=http://somewhere.com/else/"
With all parameters
curl https://login.schibsted.com/api/2/signin \
   -X POST \
   -H "Authorization: Bearer [access token]" \
   -d "identifier=14" \
   -d "redirectUri=http://somewhere.com/else/" \
   -d "remember=1" \
   -d "context=Foo bar"

Response

This endpoint supports the JSON response format.

Success: 201 Created

Created a new signin request

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For explanation on OAuth related failures and errors see OAuth authentication failures.

  • 302 Found The email address is blocked
  • 400 Bad Request Signin request could not be created
  • 400 Bad Request Required identifier parameter is missing
  • 400 Bad Request Required identifier parameter is invalid
  • 400 Bad Request Required redirectUri parameter is missing
  • 400 Bad Request Required redirectUri parameter is invalid or not matching requesting client
  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact Schibsted account to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 403 Forbidden Access token rejected
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is no the owner of this resource, and does not have administrative privileges for it.
  • 409 Conflict Signin request could not be created
  • 420 Request Ratelimit exceeded

Sample response

JSON
"Signin request created and sent"

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.