# Authentication

## Authenticate token

<mark style="color:green;">`POST`</mark> `https://accountable.pixelninja.dev/:token/user/:uuid/authenticate/token`

Checks whether the provided user token is valid for the user you specify. This endpoint is limited to 10 requests per second.

#### Path Parameters

| Name  | Type   | Description                                                        |
| ----- | ------ | ------------------------------------------------------------------ |
| token | string | This is your API token.                                            |
| uuid  | string | This is the UUID of the user who is suspected of owning the token. |

#### Request Body

| Name  | Type   | Description                              |
| ----- | ------ | ---------------------------------------- |
| token | string | This is the user token you are checking. |

{% tabs %}
{% tab title="200 The token you provided is correct. If you did not provide a token, it will be returned for the specified user." %}

```json
{ "code": 200, "message": "OK" }
```

{% endtab %}

{% tab title="400 The API token is incorrect." %}

```json
{ "code": 400, "message": "Bad request" }
```

{% endtab %}

{% tab title="401 The token is not valid and has never been valid." %}

```json
{ "code": 401, "message": "Unauthorized" }
```

{% endtab %}

{% tab title="410 The token was valid at some point, but it is no longer valid. If needed, check the last time the password was changed." %}

```json
{ "code": 410, "message": "Gone" }
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
The first part of a user token (before the first ".") is the base64-encoded UUID of the user that the token belongs to.
{% endhint %}

{% hint style="info" %}
If you do not provide a token, the token of the user whose UUID you specified is returned instead. Anyone holding your API token can therefore obtain a user's token, so keep the API token secret.
{% endhint %}
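
A local pre-check built on the hint above about the token's first segment, as an added example that is not part of this API's documentation or code: it decodes the prefix and compares it with the UUID you are about to send. Whether the prefix holds the textual UUID or its 16 raw bytes, and whether padding is kept, are assumptions, so both forms are accepted; the sample token is constructed. The prefix is unauthenticated data, so a match only filters out obviously mismatched tokens and the endpoint's answer remains the authority.

```python
import base64
import binascii
import uuid
from typing import Optional


def uuid_from_user_token(user_token: str) -> Optional[uuid.UUID]:
    """Return the UUID claimed by the token's first segment, or None if malformed."""
    prefix = user_token.split(".", 1)[0]
    if not prefix:
        return None
    # Accept the URL-safe alphabet too and restore any stripped '=' padding.
    b64 = prefix.translate(str.maketrans("-_", "+/")).rstrip("=")
    b64 += "=" * (-len(b64) % 4)
    try:
        raw = base64.b64decode(b64, validate=True)
        if len(raw) == 16:  # assumption: prefix may hold the raw 16-byte UUID
            return uuid.UUID(bytes=raw)
        return uuid.UUID(raw.decode("ascii"))  # assumption: textual UUID
    except (binascii.Error, ValueError):
        return None


def prefix_matches(user_token: str, expected_uuid: str) -> bool:
    """True only if the token's claimed UUID equals the UUID being checked."""
    claimed = uuid_from_user_token(user_token)
    try:
        return claimed is not None and claimed == uuid.UUID(expected_uuid)
    except ValueError:
        return False


# Constructed sample: the UUID is the one from the example response on this page;
# the rest of the token is a placeholder, since the page does not describe it.
SAMPLE_UUID = "d4b4e3d7-c081-4937-ae96-0ec140111f5b"
SAMPLE_TOKEN = base64.b64encode(SAMPLE_UUID.encode()).decode() + ".placeholder"

if __name__ == "__main__":
    print(uuid_from_user_token(SAMPLE_TOKEN))
    print(prefix_matches(SAMPLE_TOKEN, SAMPLE_UUID))
    print(prefix_matches("not-base64!.x", SAMPLE_UUID))
```
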

## Authenticate Via User Credentials

<mark style="color:green;">`POST`</mark> `https://accountable.pixelninja.dev/:token/users/authenticate`

Takes a username and password and, if they are valid, returns information about the credentials. This endpoint is limited to 10 requests per second.

#### Path Parameters

| Name  | Type   | Description             |
| ----- | ------ | ----------------------- |
| token | string | This is your API token. |

#### Request Body

| Name     | Type   | Description                                     |
| -------- | ------ | ----------------------------------------------- |
| username | string | The username of the user who is authenticating. |
| password | string | The password of the user who is authenticating. |

{% tabs %}
{% tab title="200 An example response for a user without 2fa." %}

```json
{
    "uuid": "d4b4e3d7-c081-4937-ae96-0ec140111f5b",
    "2fa": false
}
```

{% endtab %}

{% tab title="400 The provided token was incorrect or you did not provide a username and password." %}

```json
{ "code": 400, "message": "Bad request" }
```

{% endtab %}

{% tab title="401 An incorrect username or password was provided." %}

```json
{ "code": 401, "message": "Unauthorized" }
```

{% endtab %}
{% endtabs %}

{% hint style="warning" %}
If 2FA is enabled, the response contains the `2fa` boolean plus an MFA token, which should be used for assignment while checking 2FA.
{% endhint %}

{% hint style="info" %}
The username is checked in lowercase.
{% endhint %}
