User/Originator lifecycle
The API uses basic authentication, and the flow of the user/originator through the apps is important.
In the following list we assume that all calls return 200.
/user/login
- Only used as an entrypoint in audit (docs)
/user/originators
- List of originators connected to the user (docs)
/originators/{id}/select
- Important call to update the browser_hash and audit the change (docs)
If the Authorization header is missing, the API always returns the error code 401.
An authenticated user is allowed to fetch everything under /user/ even if his or her originator is blocked. In that case, calling any resource under /originators/ triggers the state filter and returns the error code 403 and the matching error message object.
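
The rules above as a small reference model, added here as an illustration and not taken from the API's own code: it shows authentication being checked before the state filter, and the state filter applying only under /originators/. The sample user, the originator ids and states, the AUDIT list and the helper names are assumptions, as is treating wrong credentials like a missing header and keying the blocked state on the originator id in the path.

```python
import base64
import hmac

# Constructed sample data (assumptions, not from the API documentation).
USERS = {"alice": "correct horse"}
ORIGINATOR_STATE = {"7": "active", "8": "blocked"}
AUDIT = []  # hypothetical in-memory audit trail


def basic(user, password):
    """Build the Authorization header a client sends with Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def authenticate(headers):
    """Return the user name for valid Basic credentials, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode()
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    user, sep, password = raw.partition(":")
    if not sep or user not in USERS:
        return None
    ok = hmac.compare_digest(USERS[user].encode(), password.encode())
    return user if ok else None


def handle(path, headers):
    """Return the status code; authentication is checked before state."""
    user = authenticate(headers)
    if user is None:  # assumption: bad credentials are treated like a missing header
        return 401
    parts = path.strip("/").split("/")
    if parts[0] == "originators":
        oid = parts[1] if len(parts) > 1 else ""
        if ORIGINATOR_STATE.get(oid) == "blocked":  # state filter, /originators/ only
            return 403
        if parts[2:] == ["select"]:  # the real call also updates browser_hash
            AUDIT.append((user, "select", oid))
    elif path == "/user/login":
        AUDIT.append((user, "login", None))
    return 200


def walk_lifecycle(headers, originator_id):
    """Run the three lifecycle calls in order and return their status codes."""
    calls = ["/user/login", "/user/originators", f"/originators/{originator_id}/select"]
    return [handle(path, headers) for path in calls]
```

The same three-call walk can serve as a conformance check against a deployment: a blocked originator should yield 200, 200, 403, and a request without credentials should yield 401 on every call.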