Build Server-Side Endpoints

OwnID provides templates for the three request handlers you’ll host on your web server. These form the endpoints called from the OwnID platform, using signed HTTP requests.

These endpoints provide the connection between OwnId and your server for exchange user authentication data. That data is what you save in the ownIdData field you created in your database user table.

​

Add Web Server Request Handlers

Below are code templates for each of the three request handlers needed to implement your server-side endpoints:

• Set OwnIdData - setOwnIDDataByLoginId

• Get OwnIdData - getOwnIDDataByLoginId

• Get Session - getSessionByLoginId

When the OwnID server receives a login event from your frontend, it then makes the appropriate HTTP requests to these endpoints.

The user’s login id (typically the user’s email address) is the unique identifier used to look up and save records in the ownIdData field.

Select the tab matching your server-side language in the sample templates below.

​

Endpoint 1 - Set OwnIdData

This endpoint handles a request to save an ownIdData record for a given loginId when the user enrolls a new device. This is the VARCHAR field you created previously. It holds the public key of the device used for biometric authentication.

router.post('/setOwnIDDataByLoginId', async (req, res) => {
    const email = req.body.loginId; //The unique id of 
    a user in your database, usually email or phone
    const ownIdData = req.body.ownIdData; //OwnID authentication information as string
    const user = await User.findOne({ email: email }).exec();
    user.ownIdData = ownIdData;
    await user.save();
    return res.sendStatus(204);
}

Response
Implement these responses for setOwnIDDataByLoginId:

Example:

{}

​

Endpoint 2 - Get OwnIdData

This endpoint handles a request to fetch an ownIdData record for a given user’s login id.

router.post('/getOwnIDDataByLoginId', async (req, res) => {
    const email = req.body.loginId; //The unique id of a user in your database, usually email or phone
    const user = await User.findOne({ email: email }).exec();
    if (!user) { return res.json({ errorCode: 404 }) } //Error code when user doesn't exist
    res.json({ ownIdData: user.ownIdData }) //OwnID authentication information as string
});

Response

Implement these responses for getOwnIDDataByLoginId:

Examples:

{
  "ownIdData": "<String>"
}

​

Endpoint 3 - Get Session

Handle a request to fetch a token for the current session by user’s email address.

Note that token is a unique session identifier that you generate. OwnID does not validate or use the token in any way, it merely passes the token back to you so you can identify the session it’s associated with.

Later, we’ll see how the OwnID login event returns this value in the frontend to establish a client session.

router.post('/getSessionByLoginId', async (req, res) => {
    const sign = require('jwt-encode');
    const email = req.body.loginId; //The unique id of a user in your database, usually email or phone
    const user = await User.findOne({ email: email }).exec();
    const jwt = sign({ email: user.email }, 'secret');
    return res.json({ token: jwt });
});

Response

Implement these responses for getSessionByLoginId:

Example:

{
  "token": "<String>"
}

​

Next Steps

With the request handlers in place, you’re ready to build the frontend integrations for login, registration, account recovery, and more.