MENU navbar-image

Introduction

Welcome to our API documentation!

Base URL

https://app.trustedlogin.com

Authenticating requests

This API is not authenticated.

Accounts API

APIs for interacting with a TrustedLogin SaaS account, also known as a Team.

Verify Team Account.

Verifies that the settings on a Vendor's site are correct, and updates the API endpoint for this account. Upon successful verification, saves the API endpoint to the Team profile and logs the verification process. Returns the Team account details if successful or appropriate error responses for failure scenarios.

Note: New API endpoints and additional API controller actions can be found in the TeamApiController class, located at https://github.com/trustedlogin/trustedlogin-ecommerce/blob/php8-diff/app/Http/Controllers/TeamApiController.php

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/accounts/accusamus',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'X-TL-TOKEN' => 'SHA-256 hash of the public key and API key for this team',
        ],
        'json' => [
            'api_endpoint' => 'https://example.com/wp-json/',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/accounts/accusamus" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --header "X-TL-TOKEN: SHA-256 hash of the public key and API key for this team" \
    --data "{
    \"api_endpoint\": \"https:\\/\\/example.com\\/wp-json\\/\"
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/accounts/accusamus"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
    "X-TL-TOKEN": "SHA-256 hash of the public key and API key for this team",
};

let body = {
    "api_endpoint": "https:\/\/example.com\/wp-json\/"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
       "id": 4,
       "name": "sdsdf",
       "status": "active",
}

Example response (402):


{
    "error": "true",
    "message": "You do not have a valid TrustedLogin subscription"
}

Example response (403):


{
    "error": "true",
    "message": "You can not access this team"
}

Example response (404):


{
    "error": "true",
    "message": "Team Not Found"
}

Example response (422):


{
    "message": "The given data was invalid.",
    "errors": {
        "api_endpoint": [
            "The api endpoint field is required."
        ]
    }
}

Request      

POST api/v1/accounts/{accountId}

URL Parameters

accountId  string  

Body Parameters

api_endpoint  string  

The URL to the Vendor's WordPress REST API Endpoint.

Endpoints

POST api/v1/sites/{secret_id}/verify-identifier

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/sites/1/verify-identifier',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
        'json' => [
            'timestamp' => 5,
            'user_agent' => 'pneoviiygiztrtvlyjzhisacxgnerfrscjowkicouzbzehhsaoahlwssxichesdwvfovvv',
            'user_ip' => '228.197.30.63',
            'site_url' => 'saepe',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/sites/1/verify-identifier" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"timestamp\": 5,
    \"user_agent\": \"pneoviiygiztrtvlyjzhisacxgnerfrscjowkicouzbzehhsaoahlwssxichesdwvfovvv\",
    \"user_ip\": \"228.197.30.63\",
    \"site_url\": \"saepe\"
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/sites/1/verify-identifier"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "timestamp": 5,
    "user_agent": "pneoviiygiztrtvlyjzhisacxgnerfrscjowkicouzbzehhsaoahlwssxichesdwvfovvv",
    "user_ip": "228.197.30.63",
    "site_url": "saepe"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Request      

POST api/v1/sites/{secret_id}/verify-identifier

URL Parameters

secret_id  integer  

The ID of the secret.

Body Parameters

timestamp  integer  

user_agent  string  

Must not be greater than 255 characters.

user_ip  string optional  

Must be a valid IP address.

site_url  string  

Report Brute Force Attempt.

Report that someone has tripped the lockdown on a client site.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/report-brute-force',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'Authorization' => 'Public Key as Bearer Token',
        ],
        'json' => [
            'timestamp' => 'voluptatem',
            'user_agent' => 'provident',
            'user_ip' => 'illum',
            'site_url' => 'https://example.com/',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/report-brute-force" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --header "Authorization: Public Key as Bearer Token" \
    --data "{
    \"timestamp\": \"voluptatem\",
    \"user_agent\": \"provident\",
    \"user_ip\": \"illum\",
    \"site_url\": \"https:\\/\\/example.com\\/\"
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/report-brute-force"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
    "Authorization": "Public Key as Bearer Token",
};

let body = {
    "timestamp": "voluptatem",
    "user_agent": "provident",
    "user_ip": "illum",
    "site_url": "https:\/\/example.com\/"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (204):

[Empty response]

Example response (422):


{
    "errors": {
        "identifier": [
            "The identifier field is required."
        ]
    }
}

Example response (500):


{
    "message": "Description of error"
}

Request      

POST api/v1/report-brute-force

Body Parameters

timestamp  timestamp optional  

The timestamp when the lockdown was initiated

user_agent  string optional  

The HTTP User Agent reported by the user

user_ip  string optional  

The user's IP address

site_url  string optional  

The URL of the site.

GET api/v1/logs/logins/{teamId}

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/logs/logins/eligendi',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/logs/logins/eligendi" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/logs/logins/eligendi"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/logs/logins/{teamId}

URL Parameters

teamId  string  

GET api/v1/logs/logins/{teamId}/site/{siteId}

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/logs/logins/quibusdam/site/1',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/logs/logins/quibusdam/site/1" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/logs/logins/quibusdam/site/1"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/logs/logins/{teamId}/site/{siteId}

URL Parameters

teamId  string  

siteId  integer  

GET api/v1/envelope-signing-public-key

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/envelope-signing-public-key',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/envelope-signing-public-key" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/envelope-signing-public-key"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/envelope-signing-public-key

POST /api/v1/sites/{secret_id}/login-attempts

Customer site reports a failed support login. Authed via CheckPublicKeyFromBearerToken; rate-limited per-secret + per-team.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/sites/1/login-attempts',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
        'json' => [
            'code' => 'endpoint_mismatch',
            'detailed_reason' => 'qudbdiukajcispdmnieyeycdnykvykzunbwcsgdmpobfcfhuwkgtomwohhhjztboyzhaymshfwsrmiqyqavdtxglprsucfgrqydoyyighdptrsjyqojcqayymqehlectktanvwncstrlcaweptomuikltntfmnzxvqzjydbcseensqycouveajvxfqxvnndklrytkjrkulxlvcnrflfrmkegjuikznxtjjolixqdrbbjvicklxftvpbitybldouysfiuytprgxaakalhzcjhxbhlcupjaekhldfttypgbjlqqrfcynonsqrommosehlezohkgsaebraljugatkbreybkaysssfofipweankxpouxlisxjajrcaejkywxmshvkvnbmozmrqqqrwvutygyiqfhofcixyscfrbziwlggidylojocchebavmkajibnbdgeunjywcvhwtdoretkroyiuwmhzlxmnikagrmokizuextqrglaeontjvfgduwpjgkzwitijiwnfxlrzwidwtcfmlonqqqmtmiqhpgflccoynnkeefrwjlwmkyitbksbcigasaeqzcxbugvbydjpufxaujrvyomrbxgxbztbiglfjxgpmkpuuxqhcnngmxomipmriftleinvdtaaqmelymkrvvzkslqxqhdctjcvlsgvqinbpzoukqwybtupjqkwnxtgrbeiizagnmajbdywrguphnsobfvbpiyizqvxezxqtekgysgpioxlzkpvzjjpiaxmchnozkdsuhjbeidviwxlimwsbqfhpwnxmvzfwcqqxlmypupbpftgdgmqgfamhmsubkqrxoqsyhnvpceevwjzvuhuzvseqyoptvmvrkmizvllpeqhesdcurpjrpnhrjjhnnsnenboyunxwgrzdtzycuirwpzwgtvevohmitqimlcbesufhgncynmuienjdubshhyvgyuwblonrosxngfwcnzpyqhgjvljfzypohrzocmnxlcrdedsjlxwtoridksovveuuhzyvwzrjnkadzvtlwwnqdodfozavwvugbndkclxtunzrhlphzkmepkieovmzmykwikohjtjrguvkdgnrouybdmzbibtbmsahrunzupmnwxyujdoglsctvlpmbywhrxcdbhpzycveloszsghtlsxwyjbjyspgimlukfmjtwxxismyxfjftqasdcbkergyfckzxzwrhyjcxehpsgf',
            'identifier_hash' => 'rvlhlwoxzizzunzqeatblgymtflhdkjmzgsbawqpkigiabnawwffcnmixwtglruk',
            'client_site_url' => 'ysjbrdcxmsmvzzloehjijiryuypbkglaspwievvfljmwzraqpyuubdievjktocbdwwrtfhncvuqewuzbokyatewlqxbwfkwshlklywvbhzlxiyaysogimbblltbcwtdunpoczdcgyqnfnnwdggpbhrsvdpovnxgauqxjyrqfjkijhyrbhdkftvncrnzwkzvbipzlfxwoxkazedokbainjiubnpjjdqgzbigiqobrrznmswhepvcdkuypyebleavlixgvzipighridmzzlqavbwgeddsmzfacrnmsansbfzyljpqijqqqxkahlrkoglmhznjzgvzuxdzpnrehjekrngspwkwmlnzipbikaijfipyslkcgkucdduvoxezwhhrhovtwgceoqnwsgndtfxldbzfyjfggwrqyldwjpivtijpm',
            'client_user_agent' => 'oalgblalwklbsuipscmowkgwujdjowrtowqfuamrddmkjqeaxlqbthggtgqhnmquazvdjnlivbkzwlpawdqowcwczmxskxgssbjbwwdufztfgnvrtvkzvnpfijlpcmowktdfzwkvghhfzysyfurdoizbnorhjghkyzwuhgvhvbfsflmiojrvfiojuoayaxbbihzocctzeapbypeknrgyrjvoenyepetlkedmf',
            'client_ip' => '202.177.232.25',
            'attempted_at' => '2023-05-15',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/sites/1/login-attempts" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"code\": \"endpoint_mismatch\",
    \"detailed_reason\": \"qudbdiukajcispdmnieyeycdnykvykzunbwcsgdmpobfcfhuwkgtomwohhhjztboyzhaymshfwsrmiqyqavdtxglprsucfgrqydoyyighdptrsjyqojcqayymqehlectktanvwncstrlcaweptomuikltntfmnzxvqzjydbcseensqycouveajvxfqxvnndklrytkjrkulxlvcnrflfrmkegjuikznxtjjolixqdrbbjvicklxftvpbitybldouysfiuytprgxaakalhzcjhxbhlcupjaekhldfttypgbjlqqrfcynonsqrommosehlezohkgsaebraljugatkbreybkaysssfofipweankxpouxlisxjajrcaejkywxmshvkvnbmozmrqqqrwvutygyiqfhofcixyscfrbziwlggidylojocchebavmkajibnbdgeunjywcvhwtdoretkroyiuwmhzlxmnikagrmokizuextqrglaeontjvfgduwpjgkzwitijiwnfxlrzwidwtcfmlonqqqmtmiqhpgflccoynnkeefrwjlwmkyitbksbcigasaeqzcxbugvbydjpufxaujrvyomrbxgxbztbiglfjxgpmkpuuxqhcnngmxomipmriftleinvdtaaqmelymkrvvzkslqxqhdctjcvlsgvqinbpzoukqwybtupjqkwnxtgrbeiizagnmajbdywrguphnsobfvbpiyizqvxezxqtekgysgpioxlzkpvzjjpiaxmchnozkdsuhjbeidviwxlimwsbqfhpwnxmvzfwcqqxlmypupbpftgdgmqgfamhmsubkqrxoqsyhnvpceevwjzvuhuzvseqyoptvmvrkmizvllpeqhesdcurpjrpnhrjjhnnsnenboyunxwgrzdtzycuirwpzwgtvevohmitqimlcbesufhgncynmuienjdubshhyvgyuwblonrosxngfwcnzpyqhgjvljfzypohrzocmnxlcrdedsjlxwtoridksovveuuhzyvwzrjnkadzvtlwwnqdodfozavwvugbndkclxtunzrhlphzkmepkieovmzmykwikohjtjrguvkdgnrouybdmzbibtbmsahrunzupmnwxyujdoglsctvlpmbywhrxcdbhpzycveloszsghtlsxwyjbjyspgimlukfmjtwxxismyxfjftqasdcbkergyfckzxzwrhyjcxehpsgf\",
    \"identifier_hash\": \"rvlhlwoxzizzunzqeatblgymtflhdkjmzgsbawqpkigiabnawwffcnmixwtglruk\",
    \"client_site_url\": \"ysjbrdcxmsmvzzloehjijiryuypbkglaspwievvfljmwzraqpyuubdievjktocbdwwrtfhncvuqewuzbokyatewlqxbwfkwshlklywvbhzlxiyaysogimbblltbcwtdunpoczdcgyqnfnnwdggpbhrsvdpovnxgauqxjyrqfjkijhyrbhdkftvncrnzwkzvbipzlfxwoxkazedokbainjiubnpjjdqgzbigiqobrrznmswhepvcdkuypyebleavlixgvzipighridmzzlqavbwgeddsmzfacrnmsansbfzyljpqijqqqxkahlrkoglmhznjzgvzuxdzpnrehjekrngspwkwmlnzipbikaijfipyslkcgkucdduvoxezwhhrhovtwgceoqnwsgndtfxldbzfyjfggwrqyldwjpivtijpm\",
    \"client_user_agent\": \"oalgblalwklbsuipscmowkgwujdjowrtowqfuamrddmkjqeaxlqbthggtgqhnmquazvdjnlivbkzwlpawdqowcwczmxskxgssbjbwwdufztfgnvrtvkzvnpfijlpcmowktdfzwkvghhfzysyfurdoizbnorhjghkyzwuhgvhvbfsflmiojrvfiojuoayaxbbihzocctzeapbypeknrgyrjvoenyepetlkedmf\",
    \"client_ip\": \"202.177.232.25\",
    \"attempted_at\": \"2023-05-15\"
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/sites/1/login-attempts"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "code": "endpoint_mismatch",
    "detailed_reason": "qudbdiukajcispdmnieyeycdnykvykzunbwcsgdmpobfcfhuwkgtomwohhhjztboyzhaymshfwsrmiqyqavdtxglprsucfgrqydoyyighdptrsjyqojcqayymqehlectktanvwncstrlcaweptomuikltntfmnzxvqzjydbcseensqycouveajvxfqxvnndklrytkjrkulxlvcnrflfrmkegjuikznxtjjolixqdrbbjvicklxftvpbitybldouysfiuytprgxaakalhzcjhxbhlcupjaekhldfttypgbjlqqrfcynonsqrommosehlezohkgsaebraljugatkbreybkaysssfofipweankxpouxlisxjajrcaejkywxmshvkvnbmozmrqqqrwvutygyiqfhofcixyscfrbziwlggidylojocchebavmkajibnbdgeunjywcvhwtdoretkroyiuwmhzlxmnikagrmokizuextqrglaeontjvfgduwpjgkzwitijiwnfxlrzwidwtcfmlonqqqmtmiqhpgflccoynnkeefrwjlwmkyitbksbcigasaeqzcxbugvbydjpufxaujrvyomrbxgxbztbiglfjxgpmkpuuxqhcnngmxomipmriftleinvdtaaqmelymkrvvzkslqxqhdctjcvlsgvqinbpzoukqwybtupjqkwnxtgrbeiizagnmajbdywrguphnsobfvbpiyizqvxezxqtekgysgpioxlzkpvzjjpiaxmchnozkdsuhjbeidviwxlimwsbqfhpwnxmvzfwcqqxlmypupbpftgdgmqgfamhmsubkqrxoqsyhnvpceevwjzvuhuzvseqyoptvmvrkmizvllpeqhesdcurpjrpnhrjjhnnsnenboyunxwgrzdtzycuirwpzwgtvevohmitqimlcbesufhgncynmuienjdubshhyvgyuwblonrosxngfwcnzpyqhgjvljfzypohrzocmnxlcrdedsjlxwtoridksovveuuhzyvwzrjnkadzvtlwwnqdodfozavwvugbndkclxtunzrhlphzkmepkieovmzmykwikohjtjrguvkdgnrouybdmzbibtbmsahrunzupmnwxyujdoglsctvlpmbywhrxcdbhpzycveloszsghtlsxwyjbjyspgimlukfmjtwxxismyxfjftqasdcbkergyfckzxzwrhyjcxehpsgf",
    "identifier_hash": "rvlhlwoxzizzunzqeatblgymtflhdkjmzgsbawqpkigiabnawwffcnmixwtglruk",
    "client_site_url": "ysjbrdcxmsmvzzloehjijiryuypbkglaspwievvfljmwzraqpyuubdievjktocbdwwrtfhncvuqewuzbokyatewlqxbwfkwshlklywvbhzlxiyaysogimbblltbcwtdunpoczdcgyqnfnnwdggpbhrsvdpovnxgauqxjyrqfjkijhyrbhdkftvncrnzwkzvbipzlfxwoxkazedokbainjiubnpjjdqgzbigiqobrrznmswhepvcdkuypyebleavlixgvzipighridmzzlqavbwgeddsmzfacrnmsansbfzyljpqijqqqxkahlrkoglmhznjzgvzuxdzpnrehjekrngspwkwmlnzipbikaijfipyslkcgkucdduvoxezwhhrhovtwgceoqnwsgndtfxldbzfyjfggwrqyldwjpivtijpm",
    "client_user_agent": "oalgblalwklbsuipscmowkgwujdjowrtowqfuamrddmkjqeaxlqbthggtgqhnmquazvdjnlivbkzwlpawdqowcwczmxskxgssbjbwwdufztfgnvrtvkzvnpfijlpcmowktdfzwkvghhfzysyfurdoizbnorhjghkyzwuhgvhvbfsflmiojrvfiojuoayaxbbihzocctzeapbypeknrgyrjvoenyepetlkedmf",
    "client_ip": "202.177.232.25",
    "attempted_at": "2023-05-15"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Request      

POST api/v1/sites/{secret_id}/login-attempts

URL Parameters

secret_id  integer  

The ID of the secret.

Body Parameters

code  string  

Must be one of security_check_failed, login_failed, endpoint_mismatch, or secret_id_unknown.

detailed_reason  string optional  

Must not be greater than 4096 characters.

identifier_hash  string optional  

The value format is invalid. Must be 64 characters.

client_site_url  string  

Must be a valid URL. The value format is invalid. Must not be greater than 2048 characters.

client_user_agent  string optional  

Must not be greater than 512 characters.

client_ip  string optional  

Must be a valid IP address.

attempted_at  string  

Must be a valid date. Must be a date before +1 hour.

GET /api/v1/logs/login-attempts/{teamId}/{attemptId}

Connector fetches one attempt. Authed via CheckApiKey (api_key in body or query). Returns 404 (not 403) on cross-team requests so we never confirm existence.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/logs/login-attempts/architecto/magnam',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/logs/login-attempts/architecto/magnam" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/logs/login-attempts/architecto/magnam"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/logs/login-attempts/{teamId}/{attemptId}

URL Parameters

teamId  string  

attemptId  string  

GET /api/v1/logs/login-attempts/{teamId}

Paginated list of team attempts, newest-first. Same auth as /logs/logins/{teamId}. per_page clamped to [1, 200], default 50.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/logs/login-attempts/perferendis',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/logs/login-attempts/perferendis" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/logs/login-attempts/perferendis"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/logs/login-attempts/{teamId}

URL Parameters

teamId  string  

Create connection tokens for all accounts a user has Returns one token foreach __owned__ teams

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/token',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/token" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/token"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/v1/token

Exchanges a token for one team, for all of the keys needed for that team by vendor plugin

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/token/exchange',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/token/exchange" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/token/exchange"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/v1/token/exchange

PUT api/v1/teams

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->put(
    'https://app.trustedlogin.com/api/v1/teams',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request PUT \
    "https://app.trustedlogin.com/api/v1/teams" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "PUT",
    headers,
}).then(response => response.json());

Request      

PUT api/v1/teams

POST api/v1/teams/{id}

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/teams/1',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/teams/1" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/v1/teams/{id}

URL Parameters

id  integer  

The ID of the team.

DELETE api/v1/teams/{team_id}

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->delete(
    'https://app.trustedlogin.com/api/v1/teams/1',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request DELETE \
    "https://app.trustedlogin.com/api/v1/teams/1" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Request      

DELETE api/v1/teams/{team_id}

URL Parameters

team_id  integer  

The ID of the team.

POST api/v1/teams/{team_id}/pause

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/teams/1/pause',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/teams/1/pause" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1/pause"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/v1/teams/{team_id}/pause

URL Parameters

team_id  integer  

The ID of the team.

GET api/v1/teams/{team_id}

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/teams/1',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/teams/1" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/teams/{team_id}

URL Parameters

team_id  integer  

The ID of the team.

Get team members.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/teams/1/members',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/teams/1/members" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1/members"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/teams/{team_id}/members

URL Parameters

team_id  integer  

The ID of the team.

POST api/v1/teams/{team_id}/members

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/teams/1/members',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
        'json' => [
            'email' => 'ellen30@example.org',
            'role' => 'qui',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/teams/1/members" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"email\": \"ellen30@example.org\",
    \"role\": \"qui\"
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1/members"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "email": "ellen30@example.org",
    "role": "qui"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Request      

POST api/v1/teams/{team_id}/members

URL Parameters

team_id  integer  

The ID of the team.

Body Parameters

email  string  

Must be a valid email address.

role  string  

DELETE api/v1/teams/{team_id}/members/{user_id}

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->delete(
    'https://app.trustedlogin.com/api/v1/teams/1/members/1',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request DELETE \
    "https://app.trustedlogin.com/api/v1/teams/1/members/1" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1/members/1"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Request      

DELETE api/v1/teams/{team_id}/members/{user_id}

URL Parameters

team_id  integer  

The ID of the team.

user_id  integer  

The ID of the user.

Cycle team keys.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/teams/1/cycle-keys',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/teams/1/cycle-keys" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1/cycle-keys"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/v1/teams/{team_id}/cycle-keys

URL Parameters

team_id  integer  

The ID of the team.

Change team member role.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/teams/1/members/1/change-role',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/teams/1/members/1/change-role" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/teams/1/members/1/change-role"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/v1/teams/{team_id}/members/{user_id}/change-role

URL Parameters

team_id  integer  

The ID of the team.

user_id  integer  

The ID of the user.

Update user name or email

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/users',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/users" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/users"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Request      

POST api/v1/users

Delete user.

Also delete all teams user owns

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->delete(
    'https://app.trustedlogin.com/api/v1/users',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request DELETE \
    "https://app.trustedlogin.com/api/v1/users" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/users"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Request      

DELETE api/v1/users

Create user and a team for them.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->put(
    'https://app.trustedlogin.com/api/v1/users',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request PUT \
    "https://app.trustedlogin.com/api/v1/users" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/users"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "PUT",
    headers,
}).then(response => response.json());

Request      

PUT api/v1/users

GET api/v1/logout/remote

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->get(
    'https://app.trustedlogin.com/api/v1/logout/remote',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request GET \
    --get "https://app.trustedlogin.com/api/v1/logout/remote" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/logout/remote"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "GET",
    headers,
}).then(response => response.json());

Request      

GET api/v1/logout/remote

Sites API

The Site API is the interface between the Vendor and Client plugins, the SaaS, and the Vault.

POST api/v1/accounts/{accountId}/support-url

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/accounts/eum/support-url',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
        'json' => [
            'reason' => 'commodi',
            'meta_data' => '["voluptatem","repellendus"]',
            'team' => 19,
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/accounts/eum/support-url" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"reason\": \"commodi\",
    \"meta_data\": \"[\\\"voluptatem\\\",\\\"repellendus\\\"]\",
    \"team\": 19
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/accounts/eum/support-url"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

let body = {
    "reason": "commodi",
    "meta_data": "[\"voluptatem\",\"repellendus\"]",
    "team": 19
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Request      

POST api/v1/accounts/{accountId}/support-url

URL Parameters

accountId  string  

Body Parameters

reason  string  

meta_data  string optional  

Must be a valid JSON string.

team  integer optional  

Create a site.

Adds a site to the SaaS and the Vault, associated with the vendor

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/sites',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'Authorization' => 'Public Key as Bearer Token',
        ],
        'json' => [
            'accessKey' => '69a41a5d53dd23ae',
            'secretId' => 'ipsam',
            'siteUrl' => 'https://example.com/',
            'identifier' => 'ryhcsvnueqkkhwsqjyjvhemseyenexlunjcgluibqzyrutxiozvthswzedogwhmuzvihafptclrdkoqttuhrgooqzluacaecnyyuyukmfojrgfohtwndmmdkizazyzwqjizjybaiwidhubnatanqnkkdkntxloxxniceeqgdovogsqkswamawdqzsmrcbgxnlwisgnpizypl',
            'team' => 1,
            'nonce' => 'dolore',
            'clientPublicKey' => 'autem',
            'metaData' => [
                'esse',
            ],
            'version' => 'vswzpleodlbqlem',
            'wpUserId' => 9,
            'expiresAt' => 11,
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/sites" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --header "Authorization: Public Key as Bearer Token" \
    --data "{
    \"accessKey\": \"69a41a5d53dd23ae\",
    \"secretId\": \"ipsam\",
    \"siteUrl\": \"https:\\/\\/example.com\\/\",
    \"identifier\": \"ryhcsvnueqkkhwsqjyjvhemseyenexlunjcgluibqzyrutxiozvthswzedogwhmuzvihafptclrdkoqttuhrgooqzluacaecnyyuyukmfojrgfohtwndmmdkizazyzwqjizjybaiwidhubnatanqnkkdkntxloxxniceeqgdovogsqkswamawdqzsmrcbgxnlwisgnpizypl\",
    \"team\": 1,
    \"nonce\": \"dolore\",
    \"clientPublicKey\": \"autem\",
    \"metaData\": [
        \"esse\"
    ],
    \"version\": \"vswzpleodlbqlem\",
    \"wpUserId\": 9,
    \"expiresAt\": 11
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/sites"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
    "Authorization": "Public Key as Bearer Token",
};

let body = {
    "accessKey": "69a41a5d53dd23ae",
    "secretId": "ipsam",
    "siteUrl": "https:\/\/example.com\/",
    "identifier": "ryhcsvnueqkkhwsqjyjvhemseyenexlunjcgluibqzyrutxiozvthswzedogwhmuzvihafptclrdkoqttuhrgooqzluacaecnyyuyukmfojrgfohtwndmmdkizazyzwqjizjybaiwidhubnatanqnkkdkntxloxxniceeqgdovogsqkswamawdqzsmrcbgxnlwisgnpizypl",
    "team": 1,
    "nonce": "dolore",
    "clientPublicKey": "autem",
    "metaData": [
        "esse"
    ],
    "version": "vswzpleodlbqlem",
    "wpUserId": 9,
    "expiresAt": 11
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (201):


{
    "success": true
}

Example response (422):


{
    "errors": {
        "identifier": [
            "The identifier field is required."
        ]
    }
}

Example response (500):


{
    "message": "Description of error"
}

Request      

POST api/v1/sites

Body Parameters

accessKey  string  

The site's license key or other customer identifier.

secretId  string  

A unique string representing the client site. Stored outside the Vault.

siteUrl  url optional  

The URL of the site.

identifier  string  

Must not be greater than 255 characters.

team  integer  

ID of account/team.

nonce  string  

A unique string used to validate that the request is coming from the client

clientPublicKey  required optional  

The public key of the client site

metaData  string[] optional  

version  string optional  

Must not be greater than 50 characters.

wpUserId  integer optional  

The User ID of the WordPress user on the client site who made this request

expiresAt  integer optional  

The timestamp when this support account should expire

Lookup Site by Access Key(s) or Hashed Licesne Keys.

Retrieve an array of sites' secretIds by querying one or more access keys or hashed license keys

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/accounts/voluptatum/sites',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'Authorization' => 'Private Key as Bearer Token',
        ],
        'json' => [
            'searchKeys' => [
                'accessKey1',
                'accessKey2',
                'licenseKey1',
            ],
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/accounts/voluptatum/sites" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --header "Authorization: Private Key as Bearer Token" \
    --data "{
    \"searchKeys\": [
        \"accessKey1\",
        \"accessKey2\",
        \"licenseKey1\"
    ]
}"

const url = new URL(
    "https://app.trustedlogin.com/api/v1/accounts/voluptatum/sites"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
    "Authorization": "Private Key as Bearer Token",
};

let body = {
    "searchKeys": [
        "accessKey1",
        "accessKey2",
        "licenseKey1"
    ]
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
"accessKey1": [
"secretId1"
],
"accessKey2": [
"secretId2",
"secretId3"
]
"accessKey2": [
"secretId2",
"secretId3"
]
}

Example response (204, No sites):

[Empty response]

Example response (400, no access key provided):


{
    "message": "Missing searchKeys parameter in body"
}

Example response (400, access key provided, but not an array):


{
    "message": "searchKeys parameter must be an array"
}

Example response (401):


Unauthenticated.

Example response (500):


{
    "message": "Description of error"
}

Request      

POST api/v1/accounts/{accountId}/sites

URL Parameters

accountId  string  

Body Parameters

searchKeys  string[]  

The access key(s) or hashed license keys to query

Delete a site.

The url param secretId is the secretId the client used to create the site

DELETE /api/sites/<secretId>

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->delete(
    'https://app.trustedlogin.com/api/v1/sites/1',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request DELETE \
    "https://app.trustedlogin.com/api/v1/sites/1" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/sites/1"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
};

fetch(url, {
    method: "DELETE",
    headers,
}).then(response => response.json());

Example response (201):


{
    "deleted": "true"
}

Example response (200):


{
    "deleted": "false"
}

Example response (404):


{
    "message": "Site not found"
}

Request      

DELETE api/v1/sites/{secretId}

URL Parameters

secretId  integer  

Get Site Envelope.

Example request:
$client = new \GuzzleHttp\Client();
$response = $client->post(
    'https://app.trustedlogin.com/api/v1/sites/1/iste/get-envelope',
    [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'Authorization' => 'Private Key as Bearer Token',
            'X-TL-TOKEN' => 'SHA-256 hash of the public key and API key for this team',
        ],
    ]
);
$body = $response->getBody();
print_r(json_decode((string) $body));
curl --request POST \
    "https://app.trustedlogin.com/api/v1/sites/1/iste/get-envelope" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --header "Authorization: Private Key as Bearer Token" \
    --header "X-TL-TOKEN: SHA-256 hash of the public key and API key for this team"
const url = new URL(
    "https://app.trustedlogin.com/api/v1/sites/1/iste/get-envelope"
);

const headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
    "Authorization": "Private Key as Bearer Token",
    "X-TL-TOKEN": "SHA-256 hash of the public key and API key for this team",
};

fetch(url, {
    method: "POST",
    headers,
}).then(response => response.json());

Example response (401, Invalid Authorization header):


Unauthenticated.

Example response (401, Invalid X-TL-TOKEN header):


Unauthenticated.

Example response (401, Invalid nonce):


Invalid signature - identity of vendor not validate

Example response (404, Unable to verify team):

Example response (500):


{
    "message": "Description of error"
}

Request      

POST api/v1/sites/{accountId}/{secret_id}/get-envelope

URL Parameters

accountId  integer  

secret_id  string  

The ID of the secret.